The coronavirus has shown that he is extremely dangerous for people’s health, besides it grows very fast. Due the impossibility of going out from home, people and organizations make use of remote work, which have empowered the increase of the use of communication platforms through internet, like Whatsapp. However. Specialists in hacking course consider that this practice is also risky for the information security of the people.
Making use of this situation, a group of threatening actors have brought back a popular hack of Whatsapp being active for almost 2 years, identified in an exploit campaign against multiple users. It should be mentioned that this attack is relatively simple and has a good success rate.
A friend messages saying they’ve mistakenly sent you their WhatsApp code, please send it to them.
It is YOUR code. You send it, they hack your account.
Has happened to several friends today.
According to specialists in hacking course, the attack works this way: When an user installs Whatsapp in his/her device, receives a verification code of 6 numbers through SMS, which allows to activate the Whatsapp account. The threatening actors must have a hacked account and write to a friend of the chosen victim.
The attackers, pretending to be the victims, explains the friend that their having some difficulties to receive the confirmation code, so the had to ask to Whatsapp to send the code to one of their contacts. When sent the code to the attacker, the account of the targeted user, becomes fully compromised. It is true that the actors won’t be able to access the security backups from the victims with this kind of attack, but they will be able to access the chat groups and all the new messages or files sent to them from that moment.
The experts of the hacking course assure that the signals of this method being a fraud is clearly as crystal, although some users still fall into this trick. It is obvious of course, that the codes sent by Whatsapp mustn’t be shared with anyone, but there are some solutions in case the hackers get some of these codes.
Just for security, the users can activate some of the protections included in Whatsapp, like the authentication of 2 factors (2FA) or the establishment of an additional PIN to access the conversations.
Even this service offering the users encryption from one side to other, The International Institute of Cyber Security (IICS) consider that the users must remember there are multiple security risks, which make it necessary for the users to verify themselves the security fo their devices.