Check Point warns that this new method is aimed at users who change cell phones and transfer their data from one device to another.
A new type of cyber attack discovered in recent weeks steals victims' WhatsApp accounts by capitalizing on the trust they have in their contacts, cybersecurity firm Check Point has warned.
When a user changes their phone and wants to transfer their WhatsApp account, the tech company sends an SMS authentication code to the old phone number so that they can enter it into the new number.
This process allows you to change WhatsApp from one number to another. However, it's also the gateway for cyber criminals to the victim's account. “The first thing to know about this cyber attack is that the main asset of the criminal is to benefit from the trust of the victim,” says Eusebio Nieva, Technical Director at Check Point for Spain and Portugal.
He adds: “For this reason, the method of carrying out this attack depends on the fact that this cyber criminal was able to previously attack one of the contacts of the victim concerned and steal all the phone numbers in his possession.”
In this way, the attacker gets the number the victim uses on WhatsApp, for which an SMS code is required for authentication. After that, pretending to be a known contact, he writes to the victim asking for the code, claiming that it was sent to the victim by mistake.
“The main thing about this attack is that the victim trusts the number he is talking to, because he trusts him when he meets him. Simple yet effective,” confirms the director.
Stealing a WhatsApp account opens the door to other attacks, for example against the contacts in the victim's phonebook. The attacker can send an SMS with a link that redirects to a site with “malware”, or a WhatsApp message of the type “See how interesting it is, download it”, also with a malicious link.
The stolen account can also be used to infect the mobile device to access the victim's various applications and movements, or to insert a banking Trojan horse into the device to steal banking details and thus obtain a financial benefit.
Account recovery is not easy. “The only way is to talk to WhatsApp to inform them of account theft and to cancel this account automatically with this phone number,” explains the manager. In addition, it will be necessary to inform the relevant authorities of what happened so that they can monitor the phone and “verify all possible contacts he made with other users to reduce casualties.”
To protect against this type of attack, “the most important thing is that when a person receives an SMS, they read it carefully,” says Nieva. “It’s important to keep that in mind. Be very careful with the codes being sent, knowing that you should never send a code that you receive to anyone, regardless of what he tells you or who requests it.”