New WhatsApp scam allows hackers to steal your account

WhatsApp is one of the most attractive targets for hackers running electronic fraud campaigns, as it represents a point of access to a large amount of confidential information. Rahul Sasi, founder and CEO of the security firm CloudSEK, detailed a newly detected attack that allows WhatsApp accounts to be hijacked very simply, without victims realizing it.

The attack, described by the expert in an interview for 91 Mobiles, is very simple: it begins with the target user receiving a call from the threat actors, who ask them to call a specific number. If the user makes the call, the attackers will be able to take control of their account in a matter of seconds.

The technique is similar to the OTP attack identified in April 2021 and could prove highly effective against unsuspecting users. Let’s look at the most important steps of the attack and how to prevent it:

As mentioned above, the attack begins with hackers calling the potential victim to convince them to dial a number with the structure *67-(10-digit number)*, or *405-(10-digit number)*. Shortly after the user dials one of these numbers, their account is hijacked by the hackers.

When hackers gain access to the affected accounts, they will start requesting money from the victim’s contacts. According to Sasi, since many phone companies use numbers starting with ‘67’ and ‘45’, it is completely understandable that users fall into the trap.

This tactic is not very different from other tricks cybercriminals have used before. Previous research has detected several similar ways to gain control of WhatsApp accounts by intercepting OTP tokens; these are highly stealthy attacks that do not arouse suspicion in affected users until it is too late.

Faced with this constant risk, users should stay forewarned: enabling multi-factor authentication and ignoring these kinds of messages or phone calls are the best ways to prevent access key theft.
