A new scheme for defeating WhatsApp's two-factor authentication feature has become popular in Brazil, and users should be careful. A survey conducted by the security company Kaspersky indicates that criminals have found a new way to bypass the protection using social engineering combined with a request to the application's support channel.
The crime, which is already well known among Brazilians, seeks to hijack access to a WhatsApp account in order to commit fraud and steal personal data from the contacts of the defrauded user. To reduce the occurrence of these takeovers, WhatsApp created a two-factor authentication system in which the user must confirm that they are the one trying to access the application by entering a code received via SMS or through Facebook itself.
Understand how it works.
According to Kaspersky experts, the security measure has become popular among Brazilians, which has forced criminals to refine the way they operate to hijack accounts. According to the company, the initial stage of the scheme is unchanged.
The person receives a call from the criminals who present themselves as representatives of the Ministry of Health and ask if they can conduct a survey on Covid-19. The entire scenario has a clear objective: to make the person give the six-digit code that is sent via SMS to “confirm the survey”. If the victim does not pay attention to the message and provides the code, the account may be hijacked.
The change occurs when the scammer comes across a screen requesting the two-step authentication password. When this happens, they end the call for the supposed survey and call the victim again, but this time, the criminals pretend to be the messaging app's support team, explain that the company has identified malicious activity on the account, and instruct the victim to access their email to re-register for two-step authentication.
Also according to Kaspersky, that is where the social engineering comes in. The email received by the user is, in fact, a genuine email from WhatsApp, requested by the criminals. The message usually arrives with the subject “Two-step Verification Reset” and contains a link to disable the security feature.
During the call, the criminals keep the victim from realizing that the link deactivates the security feature; once it is clicked, the account takeover can proceed.
How to prevent
According to Kaspersky, since this is a social engineering scam, that is, one in which criminals use skills such as communication and empathy to obtain something illicit, the best way to prevent it is to know that the scam exists and to pay attention to the details.
Note that neither the Ministry of Health nor any other public service or operator will request personal data such as passwords or codes for accessing third-party applications such as WhatsApp. If you receive any call of this kind, end it immediately.
Additionally, strengthen your smartphone security with the following steps:
- Activate two-factor authentication (six-digit code) in WhatsApp. To create it, follow these steps:
  - Open the menu in the top right corner
  - Go to the “Settings” option
  - Then tap “Account”
  - Select “Two-step verification”
  - Create a six-digit code that will be your two-factor authentication.
- Request that your number be removed from the caller ID lists of apps that identify calls; scammers can use these to find your number from your name.
- Never disable two-factor authentication unless you yourself have forgotten your code and are the one requesting the reset.
Image: natanaelginting/FreePik