Using a ploy, thieves steal your identity on the WhatsApp messaging service and block your account, before attacking the accounts of people you know. The cases are multiplying.
Hackers are very imaginative when it comes to stealing data to steal from you. Recently, the National Cyber Security Centre (NCSC) has been receiving numerous reports of WhatsApp accounts being hacked. With a new modus operandi.
The victims received calls on their mobile phones at night. They then lost access to their WhatsApp messaging service. Their acquaintances also noticed that strange profile pictures were appearing on the hacked accounts and that unknown numbers were being added to shared groups. In addition, WhatsApp displayed a message indicating that the account owners had breached the terms of use. To top it all off, the cybercriminals then activated two-factor authentication to prevent the real owners from recovering their accounts.
Machiavellian scenario
The NCSC has analysed the trick. First, the cybercriminals set their victims' phone numbers as their own on their own WhatsApp accounts. A code was then sent to the email address registered on the victims' account to verify its legitimacy. Except that if this method doesn't work, users can have the code sent to them by phone or on their answering machine if no one picks up, which is often the case at night. And as very few users set a new password after installing their voicemail, it is only protected by the default password, typically the last digits of the corresponding telephone number. Hackers take advantage of this to access the message enabling them to reset their victim's WhatsApp account.
To be sure of locking in the fraud, cybercriminals activate two-factor authentication to prevent the legitimate owner of the WhatsApp account from regaining access. They then attempt to hack into the accounts of the victim's contacts.
The parade
- Change all default passwords by choosing complex combinations
- Activate two-factor authentication as often as possible. This method is sometimes also called "two-step identification".
- If you receive suspicious notifications from your telephone operator, report the incident as soon as possible.
- More generally, good password practice also applies to PIN codes. Under no circumstances should such information be passed on to third parties or entered on unsecured websites.
Source: 20min
English 
French