Recently, Romania has seen several cyber attacks targeting emails and messages sent through communication applications. In these attacks, the attackers try to gain access to the WhatsApp accounts of targeted people through advanced social engineering techniques.
How does this type of cyber attack work?
To use the WhatsApp application, you need to register with a phone number. When you log in to an existing WhatsApp account, the app automatically sends a unique password (the registration code) via SMS to verify your phone number.
Attackers take advantage of this process to take control of the WhatsApp accounts they target.
Attackers can take many forms, using fake identities (close friend, WhatsApp Support Team, store chain, etc.) to protect and use stolen data. To mislead potential victims and achieve a higher success rate, the attackers also seek to use fake email addresses or user accounts that appear to belong to well-known public institutions or organizations in Romania.
In many cases, attackers obtain a victim’s phone number through an already compromised WhatsApp account. The next step is for the attacker to reinstall the application on their own phone and enter the victim’s phone number. The victim then receives a registration code via SMS, which the attacker later requests while playing the role of a friend, or even the WhatsApp Support Team. To avoid such events, it is necessary to activate the “Two-Step Verification” option, which can be found in the settings of the WhatsApp application.
False promotions on e-commerce platforms
Attackers use hijacked WhatsApp accounts to send targeted users messages with fake content that appears to come from e-commerce platforms (such as special offers). Under this pretext, victims are tricked into sending a “promotional code” received on their phone, which is actually a WhatsApp registration code.
The promo code message is often accompanied by a link, along with text stating that the application at the link must be downloaded in order to claim a prize of a large sum of money (you can see the example in the image attached to this article).
Access to default voicemail accounts
If the user turns off the phone (usually at night), the attacker may repeatedly enter the wrong WhatsApp registration code. The attacker can then choose voice verification, where WhatsApp rings the user’s phone and reads the code aloud in a message. Because the phone is off, the call is forwarded to the victim’s voicemail, which can be easily accessed if the victim has not changed the default password.
Tips for securing your WhatsApp account
- Activate the “Two-Step Verification” option on WhatsApp, which can be found in the settings of the WhatsApp application.
- Change your voicemail PIN. More information can be obtained by contacting your mobile service provider.
- Don’t share one-time passwords or WhatsApp-specific passwords with anyone.
- Do not reply to messages from a contact or a stranger asking for these codes.
- Do not access links or provide personal information in these conversations.
- Verify the authenticity of the message by alternative means, such as calling the contact. If the message is from an unknown contact, report the number to WhatsApp.
What do you need to do to recover your account?
If you have been the victim of such an attack, you can log in to your WhatsApp account via your phone number. You will receive a new registration code, and the attacker will be logged out.
If the attacker has activated 2-step authentication (2FA), you may have to wait 7 days to access the account without two-step verification. Victims who prefer to delete and reinstall the application will lose their conversation history if they do not have a working previous backup available.
In order to limit the risk of ransomware infection and to avoid the encryption or destruction of data, it is also mandatory to back up sites, databases or any other type of data exposed on the Internet, as well as to store such copies in separate locations.