It is not new that computer crimes are committed through WhatsApp. However, it is a type of crime that continues despite various campaigns around the world to raise awareness about the dangers present in the messaging platform.
Cybercriminals often resort to social engineering to get users’ attention, making them believe that the information they are sending to them is true when in fact it is not and the only goal is to steal people’s personal data.
1. Brand Discounts and Bonuses: It is one of the most used forms of cyber attack on WhatsApp, and it is well known among the users themselves. It consists of the criminal sending the person’s information on behalf of an official company that offers discounts and bonuses for the brand’s celebrations and anniversaries. It turns out that to access the so-called bonuses, you must enter the link sent with the sharing message, which turns out to be a questionnaire where the personal data of the victim is requested, then it is indicated that to make the bonus effective, you must share the original message with other users and chat groups.
In addition to exposing the device to malicious ads, this scam steals information from a WhatsApp user, which can later be used to defraud their contacts.
2- Government social assistance: It is a similar situation to the previous one, where a message is sent to the person presumably from the government or an institution, telling them that they have benefited from the support program that best suits their profile.
In order to make social assistance effective, a form must be filled out in which cybercriminals steal personal data such as name, date of birth, document number and date of issue, among other information that will be sold so that other criminals commit fraud and identity theft.
In addition to the above, ESET stated that through this deception, it is possible to display invasive ads on mobile phones through programs that are silently downloaded when filling out the supposed form.
3. Old Friends Living Abroad: Not only does this type of crime happen on WhatsApp, but it is also very common on social networks. A letter arrives from an acquaintance apparently outside the country, but soon he will return and need help with some baggage or immigration operations, because he could not board the plane; In this way, they were able to steal money from people.
In this type of fraud, the messages are not as personal as in other cases, but the criminals are looking for someone to fall into their trap. This is a real conversation shared by ESET:
+ Hello how are you Greetings for the distance. I send you a big hug.
+ I imagine you remember who writes to you from Spain, right?
“Don’t tell me you’re Myria?”
+ Well of course, how are they doing there?
4. Apps to spy on someone else’s WhatsApp: According to ESET, there seems to be a huge interest from internet users in hacking other WhatsApp accounts, one of the biggest Google search trends is “WhatsApp spying”.
However, people in their attempt to find out what WhatsApp is hiding from their partners, family or friends, end up downloading apps, extensions or tools that, despite promising to spy on third-party accounts, what they do is infecting mobile phones with malware, too , known as viruses.
5. Error checking code messages: When downloading the WhatsApp application on a new device, it is necessary to register the account with the phone number to which a verification code will be sent later, which must be entered in the messaging platform. So far everything is going well, because it is what should normally be done.
The crime occurs when the potential victim receives a message from a stranger telling him that he has entered his phone number in the registry by mistake. So the person you want to attack must have received the code, which the attacker will then ask you to send again.
If the person, in good faith, sends the code to the supposedly ignorant person, they will lose control of their account if the two-step authentication is not activated.
Camilo Gutiérrez Amaya, Head of the ESET Latin American Research Laboratory, proposes the following recommendations to prevent data and WhatsApp account theft.
– Do not enter links that were sent with unknown numbers to WhatsApp.
– Do not fill out forms that are also sent to the messaging platform with personal data.
– Activate the two-step authentication mechanism in WhatsApp, using an authentication app and not an SMS.
Have a cybersecurity application or software capable of identifying potential threats.