Using WhatsApp accounts and avoiding attacks through social engineering methods

In the last period of time in Romania there have been several cyber attacks that have targeted emails and messages through communication applications. It is about the attackers trying to gain access to the WhatsApp accounts of certain target people through advanced social engineering techniques.

How does this type of cyber attack work?

To use the WhatsApp application we need to connect with the phone number. When logging in to an existing WhatsApp account, the app will automatically send you a unique password via SMS to verify your phone number.
Attackers take advantage of this process to take control of those WhatsApp accounts targeted by them.
Attackers can take many forms, using fake identities (close friend, WhatsApp Support Team, store chain, etc.) to protect and use stolen data. In an attempt to mislead potential victims and for a higher success rate, the attackers also intend to use fake email addresses or user accounts as belonging to well-known public institutions or organizations in Romania.
In many cases, attackers obtain a victim’s phone number through an already compromised WhatsApp account. The next step is to reinstall the application on the attacker’s phone, which provides the victim’s phone number. She will receive a registration code via SMS, which is later requested by the attacker playing the role of a friend, or even the WhatsApp Support Team. To avoid such events, it is necessary to activate the “Two-Step Verification” option. This can be found in the settings in the WhatsApp application.

False promotions on e-commerce platforms

Attackers use hijacked WhatsApp accounts to distribute fake content messages to e-commerce platforms (such as special offers) to targeted users. With this information, victims are tricked into sending a “promotional code” received on their phone, which is actually a WhatsApp registration code.
This promo code is often accompanied by a link along with a text stating that the application on the link in the message must be downloaded in order to claim the prize won for a large sum of money (you can see the example in the image attached to this article).

Access your default voicemail accounts

If the user turns off the phone (usually at night), the attacker may repeatedly enter the wrong WhatsApp registration code. Therefore, an attacker could choose to perform voice verification, where WhatsApp will ring the user’s phone and send a code that will read “aloud” in the message. Of course, the voicemail will be forwarded to the victim’s voicemail, which can be easily accessed if the victim has not changed their default password.

Tips for securing your WhatsApp account

To avoid the described attacks, it is recommended to implement the following security measures:
  • Activating the “Two-Step Verification” option on WhatsApp, which can be found in the settings for the WhatsApp application.
  • Change your voicemail PIN. More information can be obtained by contacting your mobile service provider.
  • Don’t share one-time passwords or WhatsApp-specific passwords with anyone.
  • Do not reply to messages from a contact or a stranger asking for these codes.
  • Do not access links or provide personal information in these conversations.
  • Verify the authenticity of the message by alternative means, such as calling the contact. If the message is from an unknown contact, report the number to WhatsApp.

What do you need to do to recover your account?

If you have been the victim of such an attack, you can log in to your WhatsApp account via your phone number. You will receive a new registration code, and the attacker will be logged out.
If the attacker has activated 2-step authentication (2FA), you may have to wait 7 days to access the account without two-step verification. Victims who prefer to delete and reinstall the application will lose their conversation history, in cases where they do not have previous backups available to work.
In order to limit the risk of ransomware infection and to avoid encrypting or destroying data, it is also mandatory to back up sites, databases or any other type of data exposed on the Internet, as well as to store such copies. in separate locations.


More posts

Security guide for using Android devices in companies

Configure and secure devices with Android operating system Android is a mobile operating system developed and marketed by Google and used on various portable devices such as smartphones, tablets and more. Although this guide applies to multiple versions of Android, it was designed using devices running Android 10 and configured for business models. Below is



Using WhatsApp accounts and avoiding attacks through social engineering methods

In the last period of time in Romania there have been several cyber attacks that have targeted emails and messages …

See more →

Infection of devices with malware by using the image of some banks in Romania

Romanian bank customers are still the target of cyber attacks by several methods, one of which is e-mail attacks. A …

See more →

Flubot attacks – a variant of malware especially for users of the Android operating system

Flubot attacks are a variant of malware, especially for Android that steals sensitive information through SMS sent to users in …

See more →



Cyber security is the application of technologies and processes to protect systems, networks, devices and data from cyber attacks.

Hardware Development

In this segment of technology, we rely on the actual construction of prototypes for security.

Networking and robotics

Our company offers indoor or street car park management services. This is essential, given the steady increase in the number of cars that require well-developed logistics.

Custom cloud services

Our company offers cloud servers, customized with security included and backup solutions for cyber attacks. How do cloud services work?