It has become routine: yet another scam is being used to steal WhatsApp accounts. Taking advantage of the pandemic, criminals are reportedly sending questions about covid-19 through WhatsApp, according to an audio message that went viral in several groups.
The message states that the criminal gets in touch by posing as Datafolha. "He asks about covid, if someone in the family had symptoms. The language is very technical and at the end he says: 'to confirm your survey, six digits were sent to your cell phone via SMS to confirm the survey. Can you please give them to me?' When you give them, he clones your WhatsApp."
The "code sent to your cell phone" is actually the victim's WhatsApp account activation code — those six digits sent to the device during the messaging application's installation and authentication process.
WhatsApp works on only one phone at a time, although it can be mirrored in the WhatsApp Web interface on a computer. When you try to activate the account on another smartphone, the app sends a numeric code via SMS, which you must enter to complete authentication. The login on the original phone is then undone.
With the code sent by SMS in hand, criminals are able to activate the victim's WhatsApp account on another device.
About 20 times today I received an audio about the scam they are running using the name of the DataFolha survey.
– William Santana (@SouwilliamJs) May 25, 2020
Since the beginning of the pandemic, the Datafolha Institute has been conducting research by telephone. All information is collected during telephone contact, and there are no automated messages or robots in the process.
"At no time, in the surveys of the Datafolha Institute, are confirmation messages sent," said Mauro Paulino, director of Datafolha, to Folha de S.Paulo.
My mother's friend received a message via WhatsApp saying it was a Datafolha survey on the use of chloroquine. She went to the office to answer that she was in favor, not knowing that there is a scam on wpp that uses this "research" from Datafolha.
– Cebolaina_Jones (@el_cebolit0) May 27, 2020
For Thiago Marques, Kaspersky security analyst, this type of scam is difficult for users to identify, since, due to the pandemic, numerous surveys are being carried out by phone or internet.
"It would be interesting if we had a way to be able to identify whether that research is real. Maybe a portal that would validate it. As we don't have it, the malicious ones take advantage of this situation," he says.
The audio also claims that, in addition to WhatsApp, it is possible to clone the cell phone and steal bank details. Experts explain, however, that this type of action is not possible through SMS.
"This code will allow access to the account. It is specific to a certain service. If the user reports this code, there is no possibility that the criminal will steal the phone", explains the Kaspersky security analyst.
Lately, countless scams to steal WhatsApp accounts have been reported on social networks. From inviting celebrities to parties to confirmations for emergency government assistance, scammers follow the same strategy: they send messages to users and ask them to confirm the contact via an SMS received on their cell phone.
If this type of scam still happens, it is because it still works: scammers just swap the bait for whatever new story catches the eye. The scam does not depend on any technical means, only on conversation.
"No service depends on codes sent by WhatsApp. The only function of this code is the release of WhatsApp for a new cell phone. If the victim did not buy a new cell phone or do a factory reset, it can only be a scammer trying to attack them," highlights Emilio Simoni, director of the dfndr lab, PSafe's digital security laboratory.
One of the ways to identify that the contact is a scam is to pay attention to the content of the message that arrives by SMS.
"The message specifies that the code is for the authentication of WhatsApp, so it is important for people to read the content. No such service will send a separate code, without any additional information. The user should be a little more critical of this type of thing," warns the Kaspersky analyst.
After successfully stealing a user's WhatsApp account, criminals usually reach out to the victim's contacts to try to gain some financial advantage. The main approach is still to contact a relative or close person and ask to borrow money.
Account theft can also feed other forms of scam, such as spreading phishing campaigns.
What to do?
To be safe, turn on the two-factor authentication feature of WhatsApp, which adds an additional six-digit password that must be re-entered periodically by the user.
If you were a victim and provided the SMS code for WhatsApp, reinstall the app from scratch as soon as possible. If you are lucky, the scammer will not have set a two-factor password and it will be possible to recover the account.
If there was no time to recover the WhatsApp account, it is important to contact family members to report the problem.
In addition, WhatsApp must be notified. To do this, send an e-mail with the following sentence in the subject and in the body of the text: "Lost / Stolen: Please deactivate my account". Also include your phone number in the international format: +55 (Brazilian code), the area code for your area and the cell phone number. The destination address is email@example.com.