Stealing WhatsApp verification code is perhaps the best known method to hack an account on the popular instant messaging app. In this attack, hackers will try to intercept the code sent by WhatsApp via SMS messages, using various methods.
A recently detected variant of this attack is based on sending messages apparently sent by a family member or friend. The message tries to make the target user believe that the contact mistakenly sent the WhatsApp startup code, requesting that it be sent back.
In reality the user is not talking to his family or friends, but a threat actor has managed to compromise the sender’s phone number and is now trying to get the passcode, which will allow evading WhatsApp’s multi-factor authentication mechanism.
If successful, hackers can wreak havoc and even compromise other people’s phone numbers. This is a really smart scam because it is based on the fact that a friend or family member will agree to fulfill this favor.
Given its effectiveness and simplicity, this has become the most popular WhatsApp scam today.
The recommendation for those who receive this message or any similar one is to completely ignore this scam attempt, in addition to trying to contact the affected person by other means to inform them that their phone has been compromised.
If your account has been compromised due to this scam, be sure to try to log in immediately and remove intruders from your account, even if these actions mean resetting the affected account again.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
