Criminals can hijack WhatsApp accounts by social engineering their way into getting the phone number verification code, an advisory released by Maharashtra Cyber reveals. Mumbai Mirror first reported this. When a user installs WhatsApp, they have to provide a mobile number which is verified through a verification code sent to the number. This process is repeated if a user changes their phone but not the number. As per the advisory, in this attack, “the hacker knows your mobile number and this whole series of attacks starts with one person (Mr. A), giving out his verification code and allowing his account to be hijacked”. Once the fraudster has access to Mr A’s WhatsApp account, they also have access to his contacts and groups. The fraudsters figure out the most contacted people on Mr A’s list and message them, as Mr A, saying that they haven’t received the verification code and hence they are sending it to the most contacted people. But verification codes cannot be redirected this way. When the most contacted people share verification codes with “Mr A”, they are actually sharing verification codes for their own phone numbers, thereby making it easier for fraudsters to take over their accounts. The advisory said that in several instances, the fraudsters then sent obscene photos on WhatsApp groups the victim is a member of. It is not clear what compels this Mr A to give out the verification code — is his phone number spoofed because of which the verification code is…
