The cloning of WhatsApp accounts is an old one, but it has been improved. A new blow to this line takes advantage of numbers displayed in Internet advertisements to improperly transfer messages to another device.
The practice was discovered by Kaspersky Lab, which identified an increase in the number of cases of cloned accounts on WhatsApp. According to the company, cybercriminals target people who have posted ads on sales sites and made a cell phone number available.
With the information, the authors of the scam send a message impersonating the company that hosts the ad. The idea is to alert the person to a supposed need to keep the ad active by sending a code.
The messages feature something like “We have verified a newly posted ad, and we would like to update it so that it remains available for viewing” or “Due to the large number of complaints regarding your contact number, we are verifying”.
Then there is the request for the person to enter a code received via SMS. The information, which would be from the ad platform, is actually a WhatsApp activation code. It is sent to the victim because cybercriminals used his number to set up an account on another cell phone.
If she does not realize that this is a WhatsApp message and sends the code, her access is canceled and the account is transferred to the other device. Thus, even with a different number, cybercriminals will have access to the victim’s message history.
The scam doesn’t stop there: they then impersonate the person and send messages to the most recent contacts, usually friends and family, to ask for loans for a supposed emergency. In the messages observed by Kaspersky, the amount reached R $ 2,100.
If the person close to the victim is willing to help, cybercriminals ask which bank is the easiest for them and send the bank account details in an “orange”. The action can be repeated until the person is able to recover his account, when the damage may have already been great.
WhatsApp seems to already know about the practice and has adopted some measures to avoid cloning accounts. One of them is simple: the account activation message now displays the warning “Do not share this code”.
The senior security analyst at Kaspersky Lab in Brazil, Fabio Assolini, calls for attention with scams like this. To increase protection, the way out is to enable two-factor authentication of WhatsApp. “It is a password that the user creates and is requested from time to time by the app”, he explains.
“Even if the victim enters the activation code, the criminal will have to ask for the double authentication password – this is already out of the context of the advertisement and the person can perceive the fraud before it is too late,” he says.
To enable authentication, open WhatsApp on your phone and follow the path Settings> Account> 2-step verification. Take advantage and enable 2-step verification on other services you use.