WhatsApp is the most popular conversation application in the world. Due to its popularity, it is not uncommon for WhatsApp users to become targets of crime. Criminals often trick victims into taking over or hijacking their WhatsApp accounts. The account was later misused.
Now, there is a new mode of fraud by the con artist, which is relying on the WhatsApp Business application. At least that’s according to the tweet uploaded by researchers from the cybersecurity firm F-secure, Mikko Hypponen.
We’re seeing a Whatsapp attack underway. If you get an unexpected text message from Whatsapp, do not share the code you got with anyone. Do not click the link. pic.twitter.com/wT9vsqCZx9
— @mikko (@mikko) November 26, 2020
Based on these tweets, the fraudster used the WhatsApp Business app and tried to log in by entering the target number. It aims to change the target WhatsApp account type from regular to business WhatsApp.
After entering the telephone number, the fraudsters then launched their attacks through social engineering methods. The trick is to send a message to the victim on the pretext that the fraudster sent the wrong SMS. In fact, the SMS containing the six digit code that the victim got came from WhatsApp, not the con man.
So, if fooled, then the victim can give the code voluntarily. In fact, if you click on the link included in the SMS, the victim can also lose their WhatsApp account.
The fraudster will then use the WhatsApp Business account that was hijacked, and then target other targets in a similar way.
Now, to protect user accounts from this kind of fraudulent method, activate the two -step verification WhatsApp account security feature.
How to activate the feature to secure this WhatsApp account is quite easy. Users can go to the Settings / Settings menu by tapping the three vertical buttons located at the top right corner of the WhatsApp main screen. Then select the “Account” / “Account” menu and select “Two-step verification”.
If it hasn’t been activated, tap the “Enable” option then enter the six digit PIN as desired and repeat to confirm. The next step, you will be asked to fill out an e-mail. Actually this step is optional. If it does not wish, the user can choose to “skip”. However, it is highly recommended to still fill in your e-mail address.
But keep in mind, the e-mail address used should also have good security. After the e-mail address is filled in and confirmed, two-step verification will then be active. If you return to the messaging homepage, you will be asked to enter the PIN that was registered earlier.
To keep you reminded of your PIN, WhatsApp will ask you to enter your PIN periodically, as summarized from Lifehacker, Sunday (29/11/2020)
However, if you forgot your PIN and previously did not provide an e-mail, you will not be allowed to re-verify WhatsApp within seven days of last use. Thus, using this PIN can minimize the frequent break-in of WhatsApp accounts.