Are you a WhatsApp user? If so, be aware that hackers have worked out a means of hijacking a user’s WhatsApp account and gaining access to that user’s contact list and personal messages.
The attack relies on mobile carriers’ automated service to forward calls to different phone numbers, which is a service every major mobile carrier offers.
Unfortunately, hackers can exploit it by tricking users into forwarding their calls to a number that the hackers control. So when WhatsApp sends a one-time password (OTP) verification via voice call, the hackers wind up with the code.
Rahul Sasi is the CEO and founder of CloudSEK, a digital risk protection company.
Sasi had this to say about the attack:
“First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account.”
Once the hackers have tricked a user into forwarding their calls, they initiate the WhatsApp registration process on their device, naturally choosing the option to receive the OTP via voice call.
There are a few caveats here, and this methodology is by no means foolproof. For example, the victim does get a text message stating that his/her WhatsApp account is being registered on another device. That’s easy to miss when there’s a lot going on, but an observant user won’t miss it.
Also, if call forwarding has already been activated on the victim’s device, then the attacker must use a different phone number than the one used for the redirection. This usually won’t stop a determined attacker, but it will take a bit more social engineering and moxie to pull off.
The bottom line is, if you’re a WhatsApp user, someone may try this on you. So be on the alert for it.