Rahul Sasi <https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web>, the founder and CEO of digital risk protection company CloudSEK has uncovered a massive WhatsApp attack that is currently being used by cybercriminals to take over victims Whatsapp accounts completely. Here is how you can protect yourself from this attack.
How does the attack work:
- The victim receives a call or a message asking them to call a special number that starts with a Man-Machine Interface code that will enable call forwarding on their phone. The number will start with a star (*) or a hash (#) symbol. It will most likely be one of these numbers here: **67* or *405*, but they could be different depending on where you are based in the world. However, they will 100% start with a (*) or a hash (#) symbol.
- The attacker will pretend to be from a bank, phone operator, or a local government agency, and they will sound compelling. They have already hijacked many thousands of Whatsapp accounts using this method.
- When the victim types this code, they will essentially forward all of their phone calls to the attacker’s phone number.
- The attacker, now that all of the victim’s calls are being forwarded to them will start a recovery process on their victim’s Whatsapp account.
- Within a couple of seconds of doing this, the attacker will be able to get complete control of the victim’s Whatsapp account.
- Game Over.
How do you protect yourself:
- If you receive a message from anyone asking you to type a number that starts with a star (*) or a hash (#) symbol, delete the message immediately and do not type it into your phone’s keypad.
Please pass this message on to anyone you know who uses Whatsapp. Also, please let us know if you need any help with this or with anything else.
All the best,