A few months ago, a new scam was around users of the WhatsApp Messenger throughout Brazil – this one, designed not to steal your money, but your own account in the messenger.
Some Brazilian portals echoed the scam for a few months now, but it is healthy to reiterate the alert for a simple reason: the scam continues to happen with some frequency and can reach even selected users.
The plot can occur in two ways. The first requires bandits’ collusion with a malicious employee at a cell phone operator and requires attackers to make a copy of your cell phone number on a new chip (a practice used when you have your cell phone lost or stolen, for example). With the control of your number, the crooks can impersonate you on the WhatsApp servers and take control of your account.
In this case, the best strategy to protect yourself from scams is to activate WhatsApp’s two-factor authentication – with it, the app provides the user with a password, which is requested from time to time and whenever the app is reinstalled or accessed from a another device.
The greatest attention must be paid to the second modality of the coup: in this case, the bandits do not manufacture a chip with their number; they simply try to obtain, with the victim, the authentication code requested by WhatsApp to exchange the number linked to an account. This ruse is very common when you display your phone number publicly – as in a virtual classified ad, for example.
Our editor-in-chief Rafael Fischmann, for example, recently suffered an attempted scam like this: just days after announcing his car on Webmotors, an attacker contacted him posing as a service agent. The person requested the code that would be sent to Rafael’s cell phone to activate the ad’s prominence on the platform – but in fact, he would use the password to change the number linked to his WhatsApp and get full access to the account.
Once cloned, the victim is no longer able to gain access to their own account, since WhatsApp does not allow a registration to be active on two devices at the same time. The crooks then get in touch with the person’s most frequent conversations, usually impersonating them and asking for money to be sent to an account (either to pay for a fake kidnapping or a quick loan).
How to protect yourself?
Therefore, the tip is for you to be alert on all fronts: be it with strange contacts requesting an authentication code for any purpose or with people going through frequent contacts asking you to borrow money.
Always confirm the identity of those on the other end of the line and never share confidential codes.