WhatsApp Voicemail Scam Alert.
WhatsApp Voicemail Scam Alert, A worrying new WhatsApp hack could give cyber criminals access to your account.
Scammers attempt to gain access to a users account by taking advantage of weakly secured voicemail inboxes, according to Naked Security, a blog run by British security company Sophos.
The attacks became so prevalent that Israels National Cyber Security Authority issued a nationwide warning.
To start, attackers try to install the WhatsApp app on their own phone using a legitimate users phone number.
WhatsApp attempts to verify the login attempt by sending a six-digit verification code via text message to the victims telephone.
Hackers try to do this when the victim may not be checking their phone, such as nighttime.
WhatsApp then gives users the option to send the six-digit code via a phone call with an automated message.
Since the user isnt checking their phone, the message ideally goes to their voicemail.
The scammer then takes advantage of a security flaw in many telecommunications networks, which provides customers with a generic phone number to call and retrieve their voicemails.
For many voicemails, users only have to enter a four-digit PIN, which if they havent changed it, is typically an easy password such as 0000 or 1234 by default.
Hackers enter the password and gain access to the victims voicemail inbox, thereby allowing them to listen to the pre-recorded message from WhatsApp that contains the six-digit code.
They enter that code into their own device, giving them complete access to the victims WhatsApp account.
Making matters worse, particularly savvy hackers can set up two-factor authentication for the WhatsApp account, which requires users to enter a unique PIN code if they want to re-verify their phone number.
This prevents the victim from regaining control over their own phone number, Sophos noted.
The attack was first documented by Ran Bar-Zik, a web developer at Oath, but resurfaced again in a new report by ZD Net.
Israeli security officials have warned that the attack has been on the rise in recent weeks.
They recommend that users turn on two-factor authentication on their account, which adds an extra layer of security to your account.
Using application-based 2FA…mitigates a lot of the risk, because these mobile authentication apps don’t rely on communications tied to phone numbers, Sophos researchers explained.
Users can do that by navigating to Settings in WhatsApp, then tapping Account. Navigate to the Two-step verification heading and tap Enable.
Further, experts say users should make sure they have a strong PIN on their voicemail inbox.
Originally posted on October 10, 2018 @ 11:24 AM