Criminals are always on the lookout for WhatsApp accounts.
To get hold of the PIN codes needed to take them over, they use a variety of ingenious tricks.

A common tactic is to request the code by phone call.
When the request is made at night, when most targets are asleep and do not answer, the code ends up in voicemail, which the attackers then target.
In its latest newsletter, the NCSC notes a rise in reports linked to these incursions.
This isn’t NCSC’s first alert; they highlighted this risk two years ago.
These days, they’re once again inundated with similar reports.

WhatsApp hacking via voicemail

The facts

Several victims reported being called during the night, then losing access to their WhatsApp accounts.
Anomalies, such as unpublished profile photos or the addition of unidentified numbers to groups, were noted by their contacts.
In addition, a message was displayed on WhatsApp, suggesting a violation of terms by the account holder.
After hijacking the account, these fraudsters activate double authentication to lock out the legitimate owners.
According to NCSC, the attackers first register the victim's number as their own, which causes a code to be sent.
If this fails, they request the code by call, and it may end up in voicemail.
Many users retain the initial password for this automatically-generated mailbox, and do not personalize it.
It is therefore often predictable and easily identifiable, providing an opening for hackers.

Once they have seized a WhatsApp account, these fraudsters reinforce their barricades with double authentication, complicating recovery.
They then often attack the affected person’s contacts.

Measures for users

  • Quickly replace any standard password with more robust, unpredictable versions.
  • Use dual authentication whenever possible.
    This function is sometimes referred to as “two-step validation”.
    For more information, visit the NCSC page.
  • React immediately to suspicious notifications from your telecom provider.
  • As always, treat your PIN codes with the same care as your passwords.
    Never share them, and only enter them on secure sites.
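
As an added illustration of the first measure (not part of the original article or of NCSC guidance), the following Python check shows what "predictable" means for a voicemail PIN. The function name, the rules, the six-digit minimum and all sample numbers are assumptions constructed for this example.

```python
# Added example: the rules, the six-digit minimum and all sample values are
# assumptions made for illustration, not an operator's or the NCSC's policy.

def pin_weaknesses(pin, phone_number="", birth_date="", min_length=6):
    """Return the reasons a voicemail PIN is predictable (empty list: none found).

    birth_date is expected as DDMMYYYY digits (assumed format).
    """
    if not pin.isdigit():
        return ["not a numeric PIN"]
    reasons = []
    if len(pin) < min_length:
        reasons.append(f"shorter than {min_length} digits")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    else:
        # A short block repeated to fill the PIN, e.g. 1212 or 123123.
        for size in range(2, len(pin) // 2 + 1):
            if len(pin) % size == 0 and pin == pin[:size] * (len(pin) // size):
                reasons.append("repeated pattern")
                break
    # Ascending or descending runs such as 1234, 8901 or 9876.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("sequential digits")
    # Digits copied from the subscriber's own number.
    number = "".join(c for c in phone_number if c.isdigit())
    if len(pin) >= 4 and pin in number:
        reasons.append("taken from the phone number")
    # Common ways of writing a birth date as a PIN.
    if len(birth_date) == 8 and birth_date.isdigit():
        d, m, y = birth_date[:2], birth_date[2:4], birth_date[4:]
        if pin in {d + m, m + d, y, d + m + y, y + m + d, d + m + y[2:], y[2:] + m + d}:
            reasons.append("derived from the birth date")
    return reasons


if __name__ == "__main__":
    # Constructed sample values.
    for pin in ("0000", "1234", "550142", "240387", "739206"):
        print(pin, pin_weaknesses(pin, "+41 79 555 01 42", "24031987"))
```

An empty list means none of these patterns matched, not that the PIN is strong in any absolute sense.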

In the digital age, where our personal information and communications are increasingly dematerialized, it’s essential to remain vigilant and proactive in the face of constantly evolving threats.
Attackers are constantly innovating, finding new loopholes and techniques to hijack our accounts and data.

However, by adopting safe practices, staying informed and reacting quickly to suspicious signs, it is possible to minimize the risks.
The advice of the NCSC, as well as other safety organizations, should be taken seriously.
Let’s protect ourselves, our loved ones and our digital space.
