Tech

Use 2FA to Stop This New WhatsApp Account Attack

pic.jpg_thump

A simple but noteworthy attack is making the rounds on popular chat service WhatsApp. It’s incredibly easy for someone to pull off—all they need is access to a single account that has you listed as a contact. And if you’re susceptible to a bit of social networking, said attacker can take over your WhatsApp account pretty easily.

Here’s how it works, courtesy of F-Secure chief risk officer Mikko Hypponen. An attacker starts by gaining access to a WhatsApp account that has you listed as a contact. Said person then attempts to convert every single contact in that account to a WhatsApp business account. Before this happens, WhatsApp sends you a message asking you to confirm your new business account with a six-digit code.

The attacker, still in control of the account that’s listed you as a contact, then messages you pretending to be that person. They’ll send you something along the lines of, “Oops, didn’t mean to send that to you, can you tell me what the six-digit code is?” And if you reply with the number, then you can kiss your WhatsApp account goodbye. The attacker has now taken it over, and they’ll use your contacts to continue the scheme.

Obviously, the best thing you can do to prevent yourself from being suckered in by this attack is to never, ever give anyone else any authentication codes you ever receive. There will never be a time when an authentication code is accidentally sent to you. Even if that was the case, said person trying to request a code for themselves should be able to just re-request it; they don’t need your help.

So, a little common sense prevents a lot of pain on this one. However, this attack is also a great reminder that you can and should be using WhatsApp’s two-step verification.

You set it up via Settings > Account > Two-Step Verification…Read more>>

 

Source:-lifehacker