This is how cybercriminals do WhatsApp takeover

Cybercriminals can actually take over your WhatsApp account by performing some tricks, and I want to keep you informed so you can block these types of attacks.

It is very important that you immediately check whether two-factor authentication is enabled on your WhatsApp account. You can do this check directly on your phone, and it will take just a couple of minutes.

Time needed: 15 minutes.

I will quickly describe, step by step, how cybercriminals try to perform a WhatsApp takeover and get access to your data.

  1. The criminal will configure WhatsApp in such a way that it will use YOUR mobile number

    It is not impossible for criminals to configure phones in such a way that they can trick applications like WhatsApp into initiating a verification process. In the case of WhatsApp, WhatsApp will send a 6-digit number by SMS to the registered phone.

  2. The criminal will then contact you, claiming that some info was sent to you by accident

    The criminal is after the 6-digit number. The criminal has initiated the process, and WhatsApp has actually sent you a confirmation code. If the criminal gets this, your account will be compromised.

  3. If you provide those details, your WhatsApp account will be compromised

    The criminal can use the 6 digits to confirm to WhatsApp that the “newly” registered phone is indeed the new WhatsApp phone.

  4. The criminal continues this process with your contacts

    The criminal has access to all of the contacts which have left messages. As the account is now owned by the criminal, any new messages will be seen by the criminal.

Protect yourself

You can protect yourself by following these steps:

  • Never share any verification codes
  • Activate two-factor authentication by following this guide by WhatsApp on enabling two-factor authentication

