The coronavirus pandemic it has not stopped crime, since in these days of confinement criminals have sought new ways to find out how to swindle and rob people. Internet it has been one of his favorite and favorite platforms to do it.
This week the antivirus company Panda Security has launched an alert to notify all users of WhatsApp that criminals have devised a way to steal the accounts of the platform and thus keep all their contacts.
The fraud
The modus operandi of the scam consists of sending a text message to the potential victim, through the application itself, where those who send the letter -the criminals- claim to be part of the administration staff of WhatsApp.
In this way, they indicate that a person has registered the ‘app’ on their cell phone with the number that belongs to the person they intend to scam, and they indicate that this would be an “illegitimate login”.
In order for the user -the potential victim- to verify the authenticity of his account, they ask him to send them the security code that he will receive through SMS on your cell phone.
It is at this time that criminals try to log into a cell phone with the number of the user to be scammed, whose WhatsApp account will be activated when the person sends the security message that the platform sent them to their cell phone. After that, the criminals take full control of the account.
What can they access?
Criminals, by having the victim’s account in their possession, can have access to their contacts and groups that the person maintained before losing their session.
In this way, they can impersonate the identity of the person, speaking to their contacts and thus also being able to steal the account of other trusted people of the scammer or ask for passwords and other sensitive data, thus expanding the network of victims of the fraud. cybercrime.
“This is a very smart attack, because criminals use the company’s own security measures to turn them into a vulnerability,” said the Global Consumer Operations Manager of Panda Security, Hervé Lambert, according to The confidential.
Of course, criminals will not be able to read the conversations that the person had at the time the account was stolen, since the backup of these messages remain in the memory of the phone or in the cloud of the mail registered on the cell phone.
–
