In recent weeks, the cybersecurity company Check Point has warned of a increased account theft WhatsApp, a kind of cyber attack that it is not new and that it can have serious consequences. We tell you how avoid be a victim of this practice.

Keep in mind that when a user change team and you want to transfer your WhatsApp account, the company sends a SMS authentication code to the phone number so that you can enter it on the new device and thus also activate your account there. In this way, the user can use the same WhatsApp account on different devices and even if they change phones. However, this procedure can also become a chance that the cybercriminals they can take advantage of it to take over the account.

This is explained in an article published in ‘Portaltic’ by the technical director of Check Point for Spain and Portugal, Eusebio Nieva. “The way to carry out this attack is based on the fact that, previously, this cybercriminal has managed to attack one of the contacts of the victim in question and steal all the phone numbers he had, ”Nieva said in the aforementioned medium.

In this way, the criminal get the victim’s number and try to activate the WhatsApp of that number on another computer that you have in your hands. To do this, it requests the sending of the SMS code for authentication, as requested by the application, and the number will reach the genuine user. And how then does the criminal get that number? Appealing to confidence of the victim: impersonates a known contact and writes asking for the code that came to his phone, claiming that they were wrong to send it.

Recovering an account is not a simple process and it is necessary to inform the platform of what happened writing to support@whatsapp.com and specifying in the subject: “Loss / Theft: deactivate my account”. “The only way would be to talk to WhatsApp to inform them of the theft of the account and for them to automatically cancel that account with that phone number,” explains the manager quoted by ‘Portaltic’. In addition, it should also be notified to the authorities corresponding.

How to try to avoid this type of cyber attack?

Trying to avoid being a victim of these types of attacks is important, since the theft of a WhatsApp account can lead to other cyberattacks, for example, against the contacts that the affected user has in his / her phonebook. But how is it possible to stop the criminal? The answer is simpler than it sounds: activating user verification, something that can be done in just two steps. Thus, it will not be enough for the criminal to obtain the verification code that WhatsApp sends by SMS, but must also enter a PIN code to activate the victim’s account on their device.

Activating this feature is important and also fast and easy. You just have to enter WhatsApp, go ‘Settings‘or’ Settings ‘, depending on the device, select the option’Bill‘and, there, go to’Two-step verification‘. When this option is activated, every time you want to verify the WhatsApp account on a new device, a PIN code will be requested, which will protect you from future attacks. It is important that, when configuring this function, you also enter an address of email so that the account is not blocked if you forget the PIN number.

Enabling ‘Two-Step Verification’ helps prevent cyberattacks.

Other sources

Tips and questions to consider

There are also other tips to follow and questions to keep in mind that could help prevent such a cyberattack:

– If you receive a message with a verification code, you must avoid sharing it with third parties By Any Means.

– The platform does not request information to its users through messages or through phone calls.

– If a WhatsApp message is received from a phone number unknown, it is advisable to block it.

– One has to check usually on which devices are WhatsApp Web sessions open.

– In the event of being the victim of a cyber attack of this type, not only do you have to report it to the platform and the authorities, but you also have to report this situation to contacts.

It may interest you