WhatsApp users have been warned by security experts of a major security scam targeting their accounts on the world’s most popular messaging app.
The threat allows attackers to close your account by deactivating your account, and bad actors need not do so much more than Know Your Phone Number.
The terrifying new scam was first highlighted by two security experts in Forbes magazine, with security researchers Luis Marquez Carpintero and Ernesto Canales Perina warning that anyone could be blocked from accessing their account within 36 hours.
The attack is carried out when a hacker attempts to install WhatsApp on their device and enter a victim’s mobile number during the initial account creation process, and if someone does, the victim will receive a WhatsApp text message giving them an important 6-digit code required to complete the setup process.
If the hacker cannot convince the victim to send this code, the probability that he can guess it is almost impossible; therefore, the attacker will attempt to enter using the wrong codes, and continue to fail.
And even now there is no problem, but the problem appears after a number of failed attempts, will WhatsApp stop creating these icons. The chat app will inform the victim that someone is trying -and failing-to set up WhatsApp, and that they have to wait before resending the SMS for 12 hours.
After the 12-hour period ends, the attacker follows the same method of trying random codes, then fails, WhatsApp again stops creating codes for another 12 hours, and while no new setup codes are created, the attacker can create a fake email address and contact Whatsapp support.
The assessment of the victim’s phone number for support, he says that his account has been lost or stolen and cook deactivate it.
The support officer then locks the user’s account, without verifying that the person he contacts via email is an attacker who has the victim’s phone number.
If the attack reaches this point, and the attacker sends a message to the WhatsApp support on behalf of the victim, the latter will face a major headache in trying to recover his account. The researchers say it will be too late at this point, and the victim will have to try to find someone from support to speak to in person.
Speaking about the threat, Jake Moore of ESET, an information security firm, said: “This is another worrying breach, which could affect millions of users who are likely to be targeted by this attack. With so many people relying on WhatsApp-as their primary communication tool for social networking and work – it’s worrying how easy this can be.”