2024-10-30 18:08:00
WhatsApp scams are affecting a growing number of users in Colombia. In many cases, criminals use the identities of friends or family members to send urgent and alarming messages requesting money to resolve supposed emergencies.
This scam method has become one of the most common on the popular messaging platform. WhatsApp account hijacking usually begins when criminals send a message to the victim and ask for the six-digit verification code that WhatsApp sends via SMS.
This code is what allows you to verify your account on a new device. Once access is gained, criminals are able to take control of the account and, with it, the victim’s contact listwho can be contacted directly to request transfers or confidential information, taking advantage of the trust that exists between the parties.
This type of attack is based on social engineering techniques, as criminals manage to manipulate the victim into handing over the code without suspecting that their security is being compromised.
David González, cybersecurity expert at ESET Latin America, explains it to EL COLOMBIANO This practice “exploits the lack of additional security in accounts without two-step authentication.”
You might be interested in: Batteries with calls from abroad: you can fall for a scam via WhatsApp
For those who have been victims, recovering a WhatsApp account is possible through some steps that Meta, the parent company of WhatsApp, suggests following. But the first thing tech YouTuber Marcelo Felman advises is to stay calm so as not to make hasty decisions.
Step by step to recover a WhatsApp account
1. Log in to WhatsApp from your original device. Since the WhatsApp session has probably been lost (because it can only be connected to one phone) the idea is to try to access WhatsApp from the original device. By doing so, WhatsApp will send a new verification code to your registered phone number (ideally, ask for the code to arrive via SMS or SMS to your mobile phone). This code is essential to restore control of your account. If the criminals have not activated two-step verification, entering this new code will take away WhatsApp and put it back on the original device.
2. What would happen if criminals enabled two-step verification? If criminals activate two-step verification, they enter a secret code that you as a user do not know. What you need to do is click on Forgot your PIN? “And then you have no choice but to wait 7 days, but at least the hacker is out,” insists Felman.
4. Notify your contacts of the account hijacking. It is advisable to notify friends and family, using other means of communication, to prevent them from falling for scams. This reduces the chances that criminals will be able to deceive the victim’s contacts, which are often their main target.
5. Contact WhatsApp technical support. In complex cases, you can contact WhatsApp directly through its support channels to request help in recovering your account. WhatsApp has a process for reporting compromised accounts and can provide assistance in restoring them.
Tips to avoid account theft and hacking
Preventing this type of fraud requires implementing security measures on WhatsApp, Two-step authentication is the most effective.
Enabling this option adds an extra layer of protection by requiring a custom PIN in addition to the regular verification code.
To configure it you need to follow the path Settings > Accounts > Two-Step Verificationin the WhatsApp app.
Furthermore, Meta recommends turning off SMS message preview on the locked screenas this prevents criminals from seeing the verification code without having to unlock the device.
Find out: WhatsApp account hijacking (or cloning): how to recover a hacked account?
Another essential measure is to never share your WhatsApp verification code, as no legitimate request from the application will ask for this information.
Increase in account hijackings in the region
Social media account hijacking is not unique to Colombia, but the country has seen a notable increase in this practice in recent years. Mexico, for example, recorded a 650% increase in the first months of 2024, and a similar trend was also observed in Colombian cities.
These cyberattacks usually focus on users’ trust in their contacts, and criminals have adapted their techniques to impersonate even WhatsApp tech support, requesting the verification code as if it were a security update.
Recovering a hacked WhatsApp account is possible if you act immediatelyand following security recommendations can prevent users from becoming victims of this type of crime.
#WhatsApp #hacked #Learn #recover #account #step #step
Interview between Time.news Editor and David González, Cybersecurity Expert at ESET Latin America
Time.news Editor: Welcome, David González! Thank you for joining us today. With WhatsApp scams on the rise in Colombia, can you explain how these scams typically unfold?
David González: Thank you for having me! These scams often start with criminals impersonating someone familiar to the victim—like a friend or family member. They send urgent messages requesting money, often claiming to be in an emergency. This manipulation exploits the trust we have in our close contacts.
Time.news Editor: It’s alarming how easily trust can be compromised. How do scammers hijack an account in the first place?
David González: The hijacking usually begins when they trick the victim into providing their six-digit verification code that WhatsApp sends via SMS. This code is crucial as it allows them to access the victim’s account and, by extension, their entire contact list.
Time.news Editor: That sounds frightening. What role does social engineering play in these attacks?
David González: Social engineering is at the core of these scams. Scammers are skilled manipulators; they create a sense of urgency and fear, leading the victim to believe they are acting in their loved ones’ best interest. It’s a psychological game that often ends in tragedy for the victim.
Time.news Editor: And once an account is compromised, what can the victim do to recover it?
David González: There are steps to take, which I detailed recently. The first thing is to log in to WhatsApp on the original device, as that might send a new verification code to the legitimate user. If the scammers have activated two-step verification, it becomes trickier, but the person can still initiate the recovery.
Time.news Editor: That’s useful to know! What are the steps if the account recovery is hindered by two-step verification?
David González: In that case, the victim should press “Forgot your PIN?.” This action can prompt a seven-day waiting period during which the hacker cannot access the account. Meanwhile, it’s important to inform contacts about the hijacking to prevent them from falling for any scams as well.
Time.news Editor: That’s solid advice, David. Prevention seems key. What can users do to safeguard their accounts in the first place?
David González: Absolutely! Enabling two-step authentication is vital. This adds an extra layer of protection by requiring a custom PIN in addition to the regular verification code, making it significantly harder for scammers to gain access.
Time.news Editor: Are there any other tips you recommend to protect oneself from these types of scams?
David González: Yes! Users should be cautious about sharing personal information, even with trusted contacts. Regularly reviewing privacy settings and being skeptical of unsolicited or alarming messages can also help reduce risks. Education about these tactics is essential!
Time.news Editor: Thank you, David, for sharing these valuable insights. It’s clear that heightened awareness and better security practices can make a significant difference in combatting these WhatsApp scams.
David González: Thank you for having me! It’s crucial that we continue to educate ourselves and our communities about cybersecurity to help mitigate these types of threats.