How can you defend yourself from yet another computer scam
It is not new, but in recent weeks it has started to circulate again. Let's talk about the fraud about WhatsApp and the ability, on the part of crafty hackers, to steal the profile of any user.
How can you appropriate the profile of a WhatsApp user
Do you remember what you had to do when you installed WhatsApp on your mobile? The indispensable condition to be able to use it was that of indicate the number of your mobile phone where you would have used the app. Once this has been done, a 6-digit registration code, with which you have completed the registration. And it is precisely this type of code that sends WhatsApp to the center of the scam concocted by hackers. How?
Un 6-digit registration code is also sent for the check and for the cultural, phone number. This way WhatsApp makes sure the phone number belongs really to the owner of the number itself.
So what do the scammers do? They use techniques of "social engineering"(" Social engineering ", as it has been baptized in national language), or they try to steal good faith, naivety, or simply a moment of distraction from potential victims.
Technically, cybercriminals do this:
1) simply knowing the telephone number of the victim, send a request to change the phone number to WhatsApp with this number
2) WhatsApp sends a code to 6 digits to the number of the victim. The scammers are halfway there, now it is essential for them to take possession of that code to take possession of the victim's account. And this is where ...
3)… the criminals send an SMS asking for this code to be sent to them. In this way they will be able to activate WhatsApp, on another smartphone (owned by them), but which refers to the victim's phone number. Usually the SMS contains this text (or in any case a similar text): "Hi, I sent you a code by mistake, could you send it back to me?". The victim usually falls for it and really sends it back, because the SMS seems to come from a trusted person (a friend, relative, etc.). This person's phone number can be stolen in many ways and circumstances.
At this point the hacker will have "come full circle". Having 1) our number and 2) the 6-digit code will take over our WhatsApp profile, disconnecting us (this is because WhatsApp can only be used by one mobile number at a time).
Buy your next smartphone here!
What are the consequences
The scammer becomes the “owner” of the profile and can do (almost) whatever he wants with it. You can change settings, send new messages, delete groups you are an administrator of, or even delete groups themselves. Fortunately, he cannot read the old chats.
But the most "interesting" thing it can do is to see the telephone numbers of group participants: this is the method that allows him to easily find new "victims" to spread the scam, just like in a chain of San Antonio.
WhatsApp, among other things, with the "change number" function allows you to notify your contacts of the change that has taken place. If these contacts add (in total good faith) this unknown number, the hacker will have another way to find other phone numbers.
Tips to avoid the theft of your WhatsApp profile
The first is that of NEVER send the 6-digit code to anyone (even if the sender is known): the request can only be made by WhatsApp, but only if you have been tu, in the first person, to interact with WhatsApp itself.
In the same way, NEVER click on any link present in an SMS.
Then, you can put a spoke in the wheels of hackers by introducing two other levels of security. The first consists inenable security notifications. Go up Settings, Account, Safety and select the item Show security notifications.
The second, in setting the "Two-step verification”, Through which WhatsApp will ask for ANOTHER six-digit PIN from anyone (including yourself) who tries to change phone and number.
To do this, go up Settings, Account, Two-step verification.
What to do if the theft of the profile was successful
First of all, immediately notify all your contacts of the incident, so that they do not unwittingly become victims and active protagonists of the "chain".
To recover your account, try to access WhatsApp (possibly uninstall and reinstall it) with your phone number, accept the terms of use (tap "Accept and continue") and enter your phone number. Touch NEXT, Ok, and verify the number by entering the 6-digit code you just received via SMS.
Once this code is entered, anyone using your account will be automatically logged out. The hacker using your profile may have activated XNUMX-Step Verification - you know right away if asked.
WhatsApp stipulates that 7 days must pass before you can log in without typing the two-step verification code. And anyway (whether you know this code or not) the scammer is logged out of your account when you enter the 6-digit code received via SMS.
One last thing: do you also use WhatsApp Web on your PC for convenience? If you can log into your account, much better you log out of all computers (here instructions to do so).