A particularly convincing scam is targeting WhatsApp users. As one user explains on Reddit, hackers have found a way to impersonate the instant messaging service. With a screenshot to support this, the German-born user shows that he has been the target of a terribly well-crafted cyberattack.
The official WhatsApp number spoofed
It all starts with sending an SMS... from the official number used by WhatsApp. In fact, the fraudulent message will be added to the other messages already sent by the messaging service to the user, such as login codes. The cybercriminals have indeed managed to spoof the WhatsApp number, which considerably increases the effectiveness of the scam.
Unfortunately, it is quite easy to spoof a phone number, including an official one. When a call is made or a text message is sent, the information displayed as the sender's number can be manipulated without much difficulty by scammers. There are online services, software, or even specialized boxes that allow you to choose the number that will be displayed on the recipient's phone. With just a few clicks, you can make it appear that a call is coming from a loved one, a business, or even an official institution. It costs money, but it's completely doable.
"Your account must be suspended"
The fraudulent text message states that "Your account must be suspended due to illegal activities". This claim is intended to cause concern among victims. No one likes to be accused criminal activities for no reason.
To lift the block, the target is invited to click on a link, which is included in the SMS. Intrigued by the message's claims, the victim will quickly open the link. This will open a fraudulent webpage that pretends to be the official WhatsApp website. On this site, an intelligent chatbot will guide the Internet user through the supposed steps required by WhatsApp, reports CCM. At the end of the verification process, the phishing site collects all of the target's WhatsApp credentials. It can then log in to the account using the username and password.
The login code in the hackers' sights
During the process, the hackers ask the target to provide a login code sent by WhatsApp. When you install WhatsApp on a new phone, the application automatically sends a six-digit verification code via SMS. This code is essential: it allows you to prove that you are the owner of the number and to connect your account to the device.
With the code and your credentials, they install your account on their own smartphone. Hackers can then read your messages and send messages pretending to be you. The account can be used to spread other scams to your contacts. If you think someone else is using your WhatsApp account, "you should inform your family and friends, as this person could be pretending to be you," reminds WhatsApp.
To avoid falling into this well-crafted trap, we recommend that you take a step back from all requests received by SMS, including official communications. If in doubt, contact WhatsApp first before clicking on a link under false pretenses.
0 Comments