Using a ploy, thieves steal your identity on the WhatsApp messaging service and block your account, before attacking the accounts of people you know. The cases are multiplying.
Hackers are very imaginative when it comes to stealing data to steal from you. Recently, the National Cyber Security Centre (NCSC) has been receiving numerous reports of WhatsApp accounts being hacked. With a new modus operandi.
The NCSC has analysed the trick. First, the cybercriminals set their victims' phone numbers as their own on their own WhatsApp accounts. A code was then sent to the email address registered on the victims' account to verify its legitimacy. Except that if this method doesn't work, users can have the code sent to them by phone or on their answering machine if no one picks up, which is often the case at night. And as very few users set a new password after installing their voicemail, it is only protected by the default password, typically the last digits of the corresponding telephone number. Hackers take advantage of this to access the message enabling them to reset their victim's WhatsApp account.
To be sure of locking in the fraud, cybercriminals activate two-factor authentication to prevent the legitimate owner of the WhatsApp account from regaining access. They then attempt to hack into the accounts of the victim's contacts.
- Change all default passwords by choosing complex combinations
- Activate two-factor authentication as often as possible. This method is sometimes also called "two-step identification".
- If you receive suspicious notifications from your telephone operator, report the incident as soon as possible.
- More generally, good password practice also applies to PIN codes. Under no circumstances should such information be passed on to third parties or entered on unsecured websites.