A simple but noteworthy attack is making the rounds on popular chat service WhatsApp. It’s incredibly easy for someone to pull off—all they need is access to a single account that has you listed as a contact. And if you’re susceptible to a bit of social networking, said attacker can take over your WhatsApp account pretty easily.
The attacker, still in control of the account that’s listed you as a contact, then messages you pretending to be that person. They’ll send you something along the lines of, “Oops, didn’t mean to send that to you, can you tell me what the six-digit code is?” And if you reply with the number, then you can kiss your WhatsApp account goodbye. The attacker has now taken it over, and they’ll use your contacts to continue the scheme.
Obviously, the best thing you can do to prevent yourself from being suckered in by this attack is to never, ever give anyone else any authentication codes you ever receive. There will never be a time when an authentication code is accidentally sent to you. Even if that was the case, said person trying to request a code for themselves should be able to just re-request it; they don’t need your help.
So, a little common sense prevents a lot of pain on this one. However, this attack is also a great reminder that you can and should be using WhatsApp’s two-step verification.
You set it up via Settings > Account > Two-Step Verification…Read more>>