Your WhatsApp account probably contains some of the most personal and private information you’ll ever have due to the fact that it’s the kind of thing that could potentially allow you to communicate securely. The instant messaging platform has strong encryption protocols that guarantee much of this security, so many users are confident that there is nothing to worry about in terms of losing access to this precious account.
With all that said and now out of the way, it is important to note that some malicious actors have been stealing WhatsApp accounts by automating call forwarding for OTPs that users receive via voice call. CloudSEK CEO Rahul Sassi talked about this new method to illegally access WhatsApp accounts, as there are only minor hurdles that any accomplished hacker can easily overcome with all things having been considered and considered.
—Rahul Sasi (@fb1h2s) May 23, 2022
Malicious actors combine social engineering with knowledge of their target’s home phone number to carry out these attacks. The hackers will call this number and convince the potential victim to call what appears to be an official WhatsApp number with a human-machine interface code. The code may look legitimate, but despite the fact that it is, it is a completely fraudulent number that belongs to the malicious actors themselves.
If someone called this number, they would be immediately logged out of their account and the hackers would get all their login details along with the OTP they need to verify the two-factor authentication. Victims can try to call the number, but all official WhatsApp calls will be redirected to the malicious actor’s number instead. Often they set up two-factor authentication with their own phone numbers to prevent their victims from accessing their accounts.
This reveals the importance of being extremely careful with such things. Malicious actors keep inventing new and unique ways to block you from accessing your accounts, and even your WhatsApp account might not be safe.
Read next: WhatsApp is testing a status reply indicator icon and another cover display option, especially for the business community