The wave of attacks on WhatsApp that use a close contact for account theft intensifies

“The truth is that I’m stupid, because reading my boyfriend’s message again … he would never have written to me like that, but he was working and I haven’t thought about it,” laments Irene, a WhatsApp user affected by the latest wave of account thefts that plague the messaging platform. Cases like yours have become more and more common in recent weeks: the attacker hijacks the victim’s WhatsApp account using his close contacts as a hook, who in turn had been hacked previously.

War of the giants and massive migration to Telegram due to changes in WhatsApp conditions

Know more

The theft is carried out by tricking the victim into supplying their own WhatsApp verification code. This key allows you to activate the WhatsApp account on a new device, which the app sends via SMS. If a third party accesses it, they can hijack the recipient’s WhatsApp profile, send messages to active chats or interact in groups to send fraudulent links. “As it is a known contact who asks us for the code, it does not make us distrust. But that contact, in turn, had also been a victim of fraud. It is a chain attack”, details Ruth García, from the National Cybersecurity Institute ( Incibe).

This type of cyber attack is not new, but it has intensified. “In recent weeks we are seeing a rebound in this fraud,” warns the expert, a technician from the agency’s Cybersecurity for Citizens area. “There is a growing number of users who are reporting to us that they have been affected by the hijacking of their accounts. Right now we are on an upward trend, we do not know how long it could last.”

One of the objectives of the attack is to replicate itself, that is, to forward the request for the verification code to other close contacts of the victim and to steal their accounts. Beyond that, the purposes can be multiple and the Incibe has not detected that the fraud campaign pursues one in particular.

“Once the account is hacked, it can be used to send links to fraudulent pages, to do phishing, fraudulent sweepstakes, identity theft, theft of bank details …”

Ruth Garcia
– Incibe technician

“Once the account is hacked, it can be used to send links to fraudulent pages, to do phishing, identity theft, theft of bank details …”, García lists. “They can also use social engineering tactics to extract information from the victim with which to then extort it,” he adds.

Ultimately, this type of WhatsApp account hijacking can also be used to carry out an attack directed at a specific person. The purpose may be to seize confidential information that the attackers know is in that person’s possession, or to demand payment for the account recovery. However, these are exceptional situations, explains García: “In most of the cases that we are seeing right now, the attack does not occur because you are a specific person but because you have turned out to be one more victim.”

As in all cyber frauds, the recommendation of all specialists is never to pay or accept any type of extortion, since there is almost always a way to recover the account.

How to recover WhatsApp account

Blocking third-party access to the WhatsApp account requires the same process that the attack uses to hijack it: requesting the app for a verification code from the original owner’s phone. This will arrive via SMS and must be entered into the application. “The code is unique and changes every time you verify a new phone number or device”, explain WhatsApp, who gives specific instructions for Android phones and to iPhone phones.

If someone accesses your account on another device they will not be able to read your past conversations


“Keep in mind that WhatsApp provides end-to-end encryption and messages are stored on your device, so that if someone accesses your account on another device, they will not be able to read your past conversations,” the company recalls.

The verification code should not be shared with anyone for any reason, “not even with your family or friends,” WhatsApp asks. If you have, even if no strange behavior has been detected in the personal account, it is advisable to request a new code and enter it in the app as a security measure.

The problem is that the reception of the code may not be instantaneous. “We have detected that a few hours or even days may elapse,” warns Ruth García. Also, in case the attacker has activated two-step verification –Something unusual– WhatsApp claims that the recovery process will last a week. “You must wait seven days to verify your number without the two-step verification code. Regardless of whether you know the two-step verification code or not, the session of the person with access to your account will be closed as soon as you enter the code of six digits sent by SMS message “, details the application.

“The normal thing is that it can always be recovered and that there is no problem. In any case, if this were not the case, we would have to collect the evidence that we have of the supposed hijacking of our account and proceed to file a complaint so that there is evidence of the situation “, explains the Incibe technician.

The Incibe’s recommendation is to remain calm during this period of uncertainty and not attend to any demands from the attackers. Both WhatsApp and the Cybersecurity Institute ask that this period be used to notify other contacts of what happened, explain what the fraud consists of and the need not to click on any link sent from the affected account.

“Communicating it to the rest of the users helps the rest of the people to be aware that it is taking place and that our contacts are not victims of it”, explains Ruth García: “As this attack circulates in a chain, if it is not knowing its existence is easier for it to continue circulating and it becomes more complicated then to put a brake on it “.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.