WhatsApp: this will happen to you if you don’t accept their new rules 1:05
(CNN Spanish) – Cyber attacks have been a constant for years. In Latin America, it is no exception. From January to September 2020, 1.3 million ransomware attack attempts were recorded in the region, with Brazil and Mexico topped the list, according to cybersecurity company Kaspersky.
“According to our data, 55% of the computers in the region still use Windows 7 and 5% Windows XP (systems that no longer receive technical support and therefore are more vulnerable to attacks)”, comments Santiago Pontiroli, security analyst in Kasperksy, in a statement.
In addition to this, the pirated software rate is 66%, almost double the global average rate of 35%, leading to a much higher state of vulnerability, Pontiroli adds.
WhatsApp, a target of cyberattacks
Although nearly 70% of these attacks target companies, Kasperspky says, day-to-day users remain exposed in a variety of ways.
The concern for users remains latent because, within the cybersecurity trends for 2021, are the hijackings of WhatsApp accounts, which is the leading messaging application in 112 countries, including all of Latin America, according to a compilation of data made by the software company Zendesk.
“Today (accounts are hijacked) using social engineering (to request) the verification code received by SMS”, thereby taking control of the account, “detailed Karspersky’s report on computer security trends for the current year. .
“In the near future this will be even more attractive for fraudsters due to WhatsApp Pay (which is officially called ‘payments in WhatsApp’, it has layers of security such as biometric verification and for now it is only available in Brazil)”, since they could be done unauthorized purchases by the victim, he added.
Most common attacks on WhatsApp
In an interview with CNN, Dmitry Bestuzhev, director of Kaspersky’s global Research and Analysis team in Latin America, explained that in the previous case the attacker tries to register the victim’s phone number on WhatsApp, who receives a verification code via SMS.
The attacker then contacts the victim and regularly tells him that he won something but needs the verification code to confirm his identity and thus award him the prize.
“With this code, (the attacker) puts it on another device where he is registering WhatsApp and with that he gets to have control of the account,” Bestuzhev said.
“From that moment, what the attacker does is immediately enable two-step authentication and the victim will be left without their WhatsApp,” he added.
WhatsApp: this is what you should know about the changes in their privacy policies 3:43
That is one of the most common ways to attack WhatsApp. But there is a second that is also observed on many occasions, according to the Kaspersky executive.
“Another way to hijack the account is by cloning the line. Here it is on the desktop version of WhatsApp. Remember that to activate it you need the QR code.
“The victim is told to scan a QR code for whatever reason (prizes, a hoax that WhatsApp is improving security and you have to scan the code so you don’t run out of your line).
“The person with their cell phone can scan this code that they can have wherever they want (on a web page, send it to the victim’s email). The victim scans it and the session is going to be cloned ”, with which they can spy on all its contents, says Bestuzhev.
The risks are great. This is why the need to protect your WhatsApp account grows. Here we give you four tips to do it easily.
This is how Facebook makes money with WhatsApp 0:34
Tips to protect your WhatsApp account
1. Two-step verification
“Activate two-step verification and provide an email address in case the PIN is forgotten,” says Paloma Szerman, WhatsApp public policy manager for Latin America, in an interview with CNN.
What is it about? You must go to your account, then go to the “Settings” menu, then click on “Account” and there you will see “Two-step verification”.
You will have to choose a six digit PIN. This will be asked whenever you want to register your number on a new device, in addition to the SMS verification code.
After entering your PIN, WhatsApp will ask you for an email in case you forget the six digits and need to restore them.
Bestuzhev points out that the ideal would be to have the option of putting a complex password instead of a PIN, but that this two-step verification is essential, coupled with a good password for your email to be protected from that aspect.
2. Don’t fall into the QR trap
If someone asks you to give a written code or scan a QR code, there is a great possibility that it is a fraud, explains the Kaspersky manager. “You never have to forward this code or tell anyone verbally,” he adds.
On this, Bestuzhev mentions that secure QR code scanners should be used.
“Before opening a file, (this scanner) tells you what it is and gives you the reputation of this link, if it is malicious or suspicious, and it will not take an automatic action to open the page,” he explains.
3. Do not share codes and be careful who you share the phone with
The WhatsApp policy says that you should never share the registration code (the one that comes to you via SMS when registering your account) or the 2-step verification PIN with other people.
“We always tell our users never to share their WhatsApp verification code with anyone, not even their family or friends, as this could lead to someone accessing their account,” Szerman details.
Along with this, it is a priority that you be clear about who can and who cannot have access to your physical phone, as it will help you reduce risks.
“Be careful who has physical access to the phone. If someone physically accesses the user’s phone, they can use their WhatsApp account without their permission, ”he adds.
4. Advanced security options
Bestuzhev says these options won’t save your account from potential theft, but they do add extra security steps for privacy-related issues.
Regarding this issue, Szerman comments that the advanced security options in the case of WhatsApp are two-step verification and biometric recognition.
The first you know how to activate it. In case two, you need to go to the “Settings” section of your phone. It depends on the brand that it is, but normally you should go to the option of “Security and privacy” and then to “Application blocking”.
Once here, you will be able to determine a security PIN that you will be asked for in the apps you decide to block and you will also be able to establish a secret question to reset the PIN in case you forget it.
“These are settings that are not necessarily going to save your line, but privacy is always good,” concludes Bestuzhev.