WhatsApp Voicemail Scam Alert, A worrying new WhatsApp hack could give cyber criminals access to your account.
Scammers attempt to gain access to a users account by taking advantage of weakly secured voicemail inboxes, according to Naked Security, a blog run by British security company Sophos.
The attacks became so prevalent that Israels National Cyber Security Authority issued a nationwide warning.
To start, attackers try to install the WhatsApp app on their own phone using a legitimate users phone number.
WhatsApp attempts to verify the login attempt by sending a six-digit verification code via text message to the victims telephone.
Hackers try to do this when the victim may not be checking their phone, such as nighttime.
WhatsApp then gives users the option to send the six-digit code via a phone call with an automated message.
Since the user isnt checking their phone, the message ideally goes to their voicemail.
The scammer then takes advantage of a security flaw in many telecommunications networks, which provides customers with a generic phone number to call and retrieve their voicemails.
For many voicemails, users only have to enter a four-digit PIN, which if they havent changed it, is typically an easy password such as 0000 or 1234 by default.
Hackers enter the password and gain access to the victims voicemail inbox, thereby allowing them to listen to the pre-recorded message from WhatsApp that contains the six-digit code.
They enter that code into their own device, giving them complete access to the victims WhatsApp account.
Making matters worse, particularly savvy hackers can set up two-factor authentication for the WhatsApp account, which requires users to enter a unique PIN code if they want to re-verify their phone number.
This prevents the victim from regaining control over their own phone number, Sophos noted.