Jakarta: CloudSEK security researchers have discovered a new WhatsApp scam method. This method is said to be simple, calling the victim and asking him to call a certain number, but the effect is terrible.
Victims who call this number will make it easier for fraudsters to take over the victim’s account without their knowledge. CloudSEK calls this trick similar to the WhatsApp OTP scam that has been circulating for a few years.
The victim will be prompted to dial a 10-digit phone number with the initial code ‘**67*’ or ‘*405*’. For information, this code is generally used by operators to forward calls when the user’s number is busy.
With this code, ordinary victims have the potential not to know that they have diverted calls to phone numbers controlled by fraudsters. CloudSEK said the fraudster would then initiate the WhatsApp registration process for the victim’s phone number on the back-end.
CloudSEK also explained that the fraudster would choose the option to send the OTP via a phone number, but due to the redirect, the OTP will be sent to the fraudster’s number. Once at this point, the victim will find it difficult to regain control of their numbers.
This takeover allows the fraudster to contact the contacts registered on the account to request money without arousing the suspicion of the victim or the contacts in the victim’s account who requested the money.
This trick, Sasi continued, can be used to hack into anyone’s WhatsApp account provided the hacker can physically access the victim’s cell phone and has access to make phone calls.
This scam was only recently reported in India, but Sasi said this scam has global coverage, as various countries and mobile carriers have similar number diversion codes.
As a reminder, WhatsApp sends an OTP to the registered phone number to verify the user’s account. If the fraudster manages to get the OTP into the victim’s WhatsApp account, the victim will be immediately deleted from the account and the account will be completely taken over by the fraudster.
To protect WhatsApp accounts and prevent similar fraudster attacks, users are advised to always enable the 2-factor authentication (2FA) protection feature on WhatsApp and set a password or PIN to login. .
(MMI)