Furthermore, once they are in, the hackers turn on two-factor authentication to prevent the victim from regaining access to their account. Consequently, the attacker uses the OTP to log in to their target’s WhatsApp account. Since call-forwarding is now turned on, the OTP phone call goes to the cybercriminal’s device rather than the victim’s. Once this is turned on, the hacker begins the WhatsApp registration process for the account registered with the victim’s mobile number.Īs a part of this, the attacker selects an option to receive the OTP via phone call. This is the carrier’s code to turn on call-forwarding. In a post on his LinkedIn page, he provided details of how the attack is carried out.Ī target first receives a phone call from an attacker, who convinces them to make a call to a number starting with an MMI code. Rahul Sasi, founder and CEO of cybersecurity company CloudSEK, uncovered a new scam targeting users in India. Messaging apps like WhatsApp contain a treasure trove of personal and sensitive information, making them a regular target for cybercriminals. WhatsApp is immensely popular around the globe, with approximately 2 billion monthly active users. Details of the WhatsApp Call-Forwarding Scam ![]() Since most network service providers offer call-forwarding, the attack can be carried out in any part of the world. Once a hacker is in, they gain access to their victims’ messages and contacts, which can be used to carry out more nefarious activities. Savvy attackers trick victims into turning on automated call-forwarding, then request a one-time password (OTP) verification in order to hijack WhatsApp accounts and lock out hapless users. A leading cybersecurity professional has alerted WhatsApp users of a new social engineering ploy that lets hackers take control of accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |