WhatsApp identity theft: find out how they can steal your account and scam your contacts

When was the last time you received or sent a message? It was probably via WhatsApp, right?

WhatsApp is the most used instant messaging app with more than 2 billion active users in the world. This makes it the preferred channel to communicate almost instantly with our family, friends, co-workers, and even with our favorite businesses. Unfortunately, WhatsApp is not safe from fraudulent attacks.

According to CyberNews, a few months ago, cybercriminals put up for sale a database with more than 500 million WhatsApp user numbers so that any person or entity could buy them. This information can be very sensitive in the wrong hands. Criminals can steal your number, have access to all your data (photos and private conversations) and even impersonate you so they can ask your contacts for money. This new type of identity theft is very difficult to prosecute, as criminals operate from anonymity.

Modus Operandi

Criminals usually ask for your WhatsApp verification code to be reset (usually they do this at dawn so you are less likely to notice it), if you don't have the two-step authentication mode activated WhatsApp will give you the option to choose if you want to receive the code by SMS or by call; criminals ask to be sent by call (probably going to your voicemail). Normally, the voicemail has a low-security code, which allows criminals to access your voicemail, steal the WhatsApp verification code, hack your account and in just a few minutes, they start asking your contact list for money.

Although this type of hack is common, there are other methods that cybercriminals use to fool you. Here we leave you some:

• Fake call pretending to be WhatsApp staff.
• Fake call pretending to conduct a survey (eg Covid vaccine) and then request the verification code to avoid doing the survey again.
• Send a message via WhatsApp indicating that they sent you a code by mistake so that you can share it with them urgently.
• WhatsApp message with a link to steal your data.

To avoid being a victim of this type of identity theft, here are the following tips:

• If you receive a WhatsApp verification code, do not share it with anyone.
• If you receive messages with advertising from businesses with which you have not had contact, do not open any links. Report that number to WhatsApp.
• If a relative, friend, or contact asks you for your verification code, contact them by other means and inform them of the situation (possibly he or she was already a victim).
• Establish a secret word that will serve as a password with your closest contacts (in case they receive an extortion message).
• Avoid saving your contacts with names that indicate the family or sentimental bond you have with them "mom" "sweetie" "brother" etc. They are usually the first to contact and then ask them for money.
• If you are going to send sensitive information, enable the disappearing messages option: https://www.youtube.com/watch?v=C7sPLj-cuWk
• Protect your WhatsApp account with two-step authentication: https://www.youtube.com/watch?v=rA0VlXPdgjI
• Change the pin of your voicemail, it is very easy to know what your password is. WhatsApp does not send information by WhatsApp or mail, do not open any link that comes from an unknown sender.
• WhatsApp staff will never ask you for your security pin.
• Do not store messages with passwords, bank details, compromising photos, payments, or transfers.
• Periodically check which devices are linked to your WhatsApp account, if you don't recognize any, delete it.
• If someone you know asks you for a deposit or transfer, validate the information, and contact him or her by another channel.
• If you open WhatsApp web on a device that is not yours, always remember to log out when finished (especially if it is a public device).

Identity theft can not only occur through WhatsApp, there are different methods and it affects both people and companies.

Fraudsters steal identities so they can apply for credits, loans, etc, on behalf of the defrauded identity. For example, on the report Building Competitive Digital Onboarding for the Banking sector of IQSEC 2021, Mexico has the 8th place in this type of fraud around the world and according to the FTC (Federal Trade Commission) an identity theft happens every 14 seconds in the United States.

Although we know that the best protection to avoid being a victim of this type of attack is awareness and education, it does not hurt to have additional measures.

At Trully we are prepared, alert, and committed to stopping fraud, such as identity theft fraud. For this reason, we developed Face Analysis, a solution that effectively attacks identity fraud by combining Machine Learning and Artificial Intelligence tools to detect fraudsters. If you want to know more, here we leave you the details.

Trully, real solutions against fraud.