Whatsapp users beware!Why?discussion with Raktim😧😧😧
--- By Raktim Bar---
Last year we saw nation-state attacks infecting targeted users with spyware, we saw the potential risk from crafted media files sent over the platform, and we saw a backdoor where bad actors could lock targeted individuals out of the messaging app.
All of these issues were fixed by WhatsApp—software patches plugged security gaps and ensured users were kept safe. The latest issue, though, was fixed before it even hit. But that fix requires users to take action, which means it’s almost certain that many if not most of you have not yet done so.
Behind the scenes, though, the SMS message was a WhatsApp verification code for the account of the person receiving the text. And in sending it back to the “friend,” they were sending it to the attackers. With a fresh WhatsApp install, those attackers could then complete an account take over and progress their scam another turn. This is much simpler than porting the SIM to a new device. The effect, though, is the same. This same scam prompted a raft of police warnings in Singapore last summer.
With the account taken over, the attackers could then message the rest of the group as if from the account holder, as well as any other contacts whose WhatsApp messages were received after the take over. No legacy data is compromised. The target device remains untouched. WhatsApp has simply been ghosted onto an illegitimate device.(According to Forbes,Zak Doffman)
A Twitter user reported the above scam as he received a text from an unknown number claiming to be from the WhatsApp technical team. The tweet was highlighted by WABetaInfo in order to bring this to the attention of more WhatsApp users across the globe.
According to the tweet by Dario Navarro, the scammer has sent a message in Spanish asking users to verify their identity by providing their six-digit verification code that will be sent via an SMS message.
This is #FAKE WhatsApp doesn't message you on WhatsApp, and if they do (for global announcements, but it's soooo rare), a green verified indicator is visible. WhatsApp never asks your data or verification codes. @WhatsApp should ban this account.
The mechanism of Scamming on WhatsApp:
This verification code is nothing but the OTP that users receive on the phone when trying to register the WhatsApp number on a new smartphone. If the user ends up giving this OTP to someone else, they might set it up on their phone and potentially hack into your WhatsApp.
This will not give them access to your recent chats and contacts. However, any message received after the hack will be sent to their phone. Also, the scammer will get access to your profile picture, status as well as the groups you are added in. From those groups, the scammer can even pick up other numbers.
In order to stay away from such scams, you just need to keep in mind that the company never asks for any personal details. Also, one should never share an OTP no matter who the next person is claiming to be.
The OTP pin is required when setting up a WhatsApp account. The scam, which has been around since 2018, works like this. Someone sends a message via WhatsApp or even Facebook, claiming that an OTP has been mistakenly sent to the victim.
They claim this OTP is for logging into their accounts, and ask the victim to just forward them the six-digit code. If the user takes the bait and forwards the code to the unknown number, then these cybercriminals can take over the WhatsApp account of the victim by using this to login.
A report in the UK’s Telegraph indicates that the scam appears to be back in the country and many users are being tricked into giving up their codes, which ends up compromising their account access. Previously, WABetaInfo had also highlighted the scam and how hackers were sending messages to users asking for OTP to login to the account, claiming it has been sent to them as a mistake.
Several users are complaining of receiving messages from unknown phone numbers asking for the OTP they “mistakenly” sent to them. Given most users aren’t aware of the tactics hackers use they are sending the text with the OTP to login to the WhatsApp account. Doing so is making users lose their WhatsApp account.
Never fall for these messages if in any case you receive them. It is advisable to just ignore these messages or simply block the number that you received the message from. We have listed out some tips to protect your WhatsApp account.
proofs:
1)https://twitter.com/WABetaInfo/status/1213085790689013762?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1213085790689013762%7Ctwgr%5E&ref_url=https%3A%2F%2Findianexpress.com%2Farticle%2Ftechnology%2Fsocial%2Fwhatsapp-account-hacked-how-to-protect-from-hackers-6346812%2F
https://twitter.com/Darionavarro_/status/1265596184242139136?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1265617531114487808%7Ctwgr%5E&ref_url=https%3A%2F%2Fwww.indiatvnews.com%2Ftechnology%2Fnews-whatsapp-scam-verification-code-to-hack-621290
Even WhatsApp has clearly stated in its FAQ over here, "You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so." Since mobile numbers are easily available through various databases, these attackers will try to verify numbers with numerous people, before they find the right victim profile. There are smart ways to protect your WhatsApp account from such scammers. You should enable two-factor authentication for your account, which ensures the attackers will have to convince you to share the code to gain access to the profile. To enable two-step verification, open WhatsApp, go to Settings, click on Account, and from there enable two-step verification for your profile on the app. Digital scams have increased over the past 12 months or so, with other platforms like Google Pay (used via UPI) and Paytm also observing similar incidents. At the end, it's better for the users to stay vigilant and don't engage with profiles claiming to be from either of there companies or unknown contacts.
Received verification code without requesting it:
To protect your account, WhatsApp will send you a push notification when someone tries to register a WhatsApp account with your phone number. To keep your account safe, don't share your verification code with others.When you receive this notification, it means that someone has entered your phone number and requested the registration code. This often happens if another user mistyped your number when trying to enter their own number to register, and can also happen when someone attempts to take over your account.You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.
Note:
WhatsApp doesn't have sufficient information to identify the individual who is attempting to verify your WhatsApp account.
WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can't read your past conversations.
Resources
If you lose access to your WhatsApp account or suspect someone else is using your account, refer to the article Stolen accounts.
If your phone is lost or stolen, see the article Lost and stolen phones.
Enable two-step verification to enhance the security of your account. See the article Using two-step verification.
For more account security tips read our Account security tips article.Source:Whatsapp faq>faq.whatsapp.com
How to safeguard your WhatsApp account
Enable two-step verification: This feature is available for both iOS and Android phone users for a long time. To enable the two-step verification feature on WhatsApp first head over to the Setting menu > Account > Two step-verification > click on enable. You will then need to set up a PIN that only you will know.
After enabling this feature everyone you or someone else logs into your WhatsApp account will be required to provide this PIN.
Block suspicious contact: In case you receive suspicious phone number that’s not saved with you, just ignore the message and block the contact right now so they don’t send any such message anymore. To block the contact just click on the contact name > scroll down > click on block option.
Change privacy setting: Ensure to change WhatsApp privacy setting. Just head over to the Settings menu > click on Privacy option > Change profile photo option to My contacts > Change About to My Contacts > Change Groups to My Contacts > Change Status to My Contacts. Changing the options will not show your details to contacts not saved on your phone.Ensure to logout from devices you have previously logged in: If you login to devices other than your primary phone ensure to logout once work is done so none else can access your account without your permission.
How to safeguard your WhatsApp account
1)Enable two-step verification: This feature is available for both iOS and Android phone users for a long time. To enable the two-step verification feature on WhatsApp first head over to the Setting menu > Account > Two step-verification > click on enable. You will then need to set up a PIN that only you will know.After enabling this feature everyone you or someone else logs into your WhatsApp account will be required to provide this PIN.
2)Block suspicious contact: In case you receive suspicious phone number that’s not saved with you, just ignore the message and block the contact right now so they don’t send any such message anymore. To block the contact just click on the contact name > scroll down > click on block option.
3)Change privacy setting: Ensure to change WhatsApp privacy setting. Just head over to the Settings menu > click on Privacy option > Change profile photo option to My contacts > Change About to My Contacts > Change Groups to My Contacts > Change Status to My Contacts. Changing the options will not show your details to contacts not saved on your phone.
4)Ensure to logout from devices you have previously logged in: If you login to devices other than your primary phone ensure to logout once work is done so none else can access your account without your permission.Src:The Indian Express
Conclusion:I,Raktim Bar,Write this article for all the WhatsApp user's ,So that you do not fall into this terrible trap.This is an awarness message from me to all of you.To prepare this article I got help from:Whatsapp,The Indian Express,Forbes,Twitter,India Tv News,BBC news,The mobie Indian,and SpamTech etc. And from my Knowledge.Thanks for reading this article and please be aware about it "Do the settings if you want not to fall into this terrible trap"
1)Two Step Verification
2)Set a 4 digit Whatsapp Pin
3)Lock your WhatsApp
4)Remember to log out from Pc/Laptop if you Connect with it By WhatsApp Web
5)Block Unknown Number's
6)Set your own privacy settings.
Written By Raktim Bar
0 Comments:
Post a Comment