Already a few months ago, a new blow rounds users of the WhatsApp Messenger all over Brazil this designed not to steal your money but rather your own account in the messenger.
Some Brazilian portals have echoed the scam a few months ago, but it is healthy to reiterate the alert for a simple reason: the scam continues to occur quite often and can even reach educated users.
The plot can occur in two ways. The first requires the collusion of the bad guys with a malicious employee at a mobile carrier and requires the attackers to make a copy of their mobile number on a new chip (practice used when you have your mobile lost or stolen, for example). By controlling your number, the bad guys can impersonate you on WhatsApp servers and take control of your account.
In this case, the best strategy to protect against scams is to enable WhatsApp two-factor authentication with it, the app provides the user with a password, which is requested from time to time and whenever the app is reinstalled or accessed from another device.
Attention should be paid to the second mode of the blow: in this case, the bad guys do not make a chip with their number; they simply try to obtain, with the victim, the authentication code requested by WhatsApp to exchange the number linked to an account. This trick is very common when you display your phone number publicly as in a virtual classified ad, for example.
Our editor-in-chief Rafael Fischmann, for example, suffered a recent scam attempt: a few days after advertising his car on Webmotors, an intruder contacted him as an agent of the service. The person requested the code that would be sent to Rafael's cell phone to enable ad highlighting on the platform but, in fact, she would use the password to change his WhatsApp-linked number and gain full account access.
Once cloned, the victim can no longer gain access to his own account, as WhatsApp does not allow a registration to be active on two devices at the same time. The bad guys then get in touch with the person's most frequent conversations, usually impersonating him and asking for money to be sent to an account (either for paying a fake kidnapping or a quick loan).
How to protect yourself?
So the tip is to keep you alert on all fronts: be it with foreign contacts requesting an authentication code for any purpose whatsoever or with people posing as frequent contacts of yours asking for borrowed money.
Always confirm the identity of those on the other end and never share confidential codes.