If someone asks you for a six-digit code that you have just received on WhatsApp, do not give it to them: it is a trick to steal your account
The last person you distrust is your mother. If she sends you a message asking for a code, because the poor thing has been involved (damn things), you give it to her. The next second, you can no longer enter your WhatsApp account. Your mother was not your mother but a cracker who has impersonated her from her phone number.
For a few months we have seen a new form of identity theft arrive: write to you from the number of your own acquaintances and relatives so that you do not suspect. It is a chain attack to take over your WhatsApp account and continue the attack by writing to your contacts, and so on.
It is a very effective method because once you manage to impersonate someone it is much easier to follow the chain and get hold of their contact accounts. We have spoken with several people who have been contacted by these attackers. Let’s see your modus operandi.
“I sent you a 6-digit code by mistake. Can you pass it on to me?”
First of all, what is this code they ask of you? In order to protect your account, WhatsApp sends a notification push when someone tries to register a WhatsApp account with your phone number. To keep the account safe, it is important that you do not share the verification code with anyone.
If you receive this notification without asking for it, it means that someone entered your phone number and asked for the registration code. If someone is trying to take over your account, to do so, they will need the verification code that was sent by SMS message to your phone. Without that code, no user who tries to verify your number will be able to complete the verification process and use the number on WhatsApp.
What is the trick of these criminals to convince you to give you that verification code? Posing as one of your trusted contacts. This was the case of Antonio, to whom one of his friends wrote: “Then I fell into the mistake I had just made, since logic says that at no time should this person have asked me for such a code and I tried to enter my account again. There I received the message that I no longer had access to the account because, given how WhatsApp works, an account cannot be used on two phones at the same time. “
We have many more testimonials along the same lines. The same story repeated over and over again that is repeated, apparently, since August 2020. Once they access your account, they write the same message to all your contacts.
How to recover a stolen account … and what do they want when they steal it from you
Some of the previous victims were able to get their account back by requesting another verification code and hastily entering it to regain control of the account. If it does not work, the most effective is to contact directly with WhatsApp to report the theft.
The next step would be to send an email including the phrase “Stolen / lost phone: Please deactivate my account” in your message and your phone number in the full international format, adding the national prefix. In any case, the first thing we recommend is that turn on 2-step verification.
As for “what do they intend with this robbery”, Sergio Carrasco, an expert lawyer in the right to be forgotten and cybersecurity among other specialties explains that these are “examples of phishing to get access to the WhatsApp account, and that ends in spoofing“.
Your objective can be varied. On the one hand, obtain a trusted account from which to carry out other attacks, As the CEO fraud even at more everyday levels. On the other, along a similar line, to request financial assistance from close contacts alleging an extraordinary situation, depending on the profile of the account obtained.
“These actions are usually highly automated (they are usually bots that communicate with the WhatsApp API to request the recovery, so as not to go number by number manually), which is why sometimes it reaches profiles of which it seems that You will not be able to obtain anything. It would be different if you could make payments directly from WhatsApp, which is currently not the case, “explains Sergio. We will have to be even more attentive for when payments via WhatsApp yes be with us.