How hackers take control of WhatsApp accounts and what you can do to protect yourself
Maybe you know someone who had had WhatsApp hacked: out of the blue, the person stopped receiving messages on the app and, when he realized what was happening, realized that the phone number was under the control of criminals. But how is it possible to do this?
The scam is called SIM Swap and consists of transferring the phone line to a SIM chip different from the one on your cell phone. It can be done in some ways that almost always involve social engineering: criminals pretend to be the victim and, with their personal information, get the operator to activate the phone number elsewhere.
We spoke with Fábio Assolini, a security specialist at the Kaspersky security company, to understand how the scam works, as well as some measures that can be taken to at least try to avoid being a victim of the attack. It’s not cool to realize that your WhatsApp has been hacked by someone else, but luckily there is something you can do to prevent it.
“Hijacking” the phone number
For a scam like SIM Swap to work, the first thing that needs to happen is for the criminal to get the victim’s phone number. He manages to execute the coup both with the simple data of the number itself, as well as collecting some more information. The form used depends on the attacker’s contacts – if he knows someone with access to the telephone operators’ systems, everything is easier. Otherwise, he will need more information about the person.
In the first case, the attack is quite easy for the criminal: with the help of an operator employee or someone who has access to the operator’s system, he is able to transfer the victim’s number to another chip. Thus, he starts to control the victim’s phone line without realizing it.
The second way is a little more laborious but easily performed by people with bad intentions. “The criminal himself comes to an operator’s store carrying fake documents as if he were the victim. He says he was stolen, or that he lost his cell phone, and tries to activate the number on another chip,” explained Assolini.
This second method can also be used in another way, but it does not result in the number being “hijacked” – only in deactivating it. “The criminal calls the central office impersonates the victim and presents personal data. He says the number was stolen and asked for it to be canceled.” If he really wants to access the number, he will need to go to an operator’s store to request that it be activated on another chip.
After the SIM Swap scam is done and the criminal controls the phone number, it is easy for him to access the victim’s WhatsApp: just install the app on another phone with the cloned chip inserted to carry conversations and contacts. From there, he can try to make financial gains: by posing as the victim, he can borrow money from someone with a promise to pay later.
Another thing that can be done is access to your social media profiles. If the person uses two-step authentication, via code sent by SMS, just ask that this information be sent to the victim’s cell phone number – which is under the criminal’s control.
And to recover?
First, it is necessary to identify that, in fact, the number was “hijacked.” “There are some signs that indicate that the phone has been compromised and activated on another chip,” explains the Kaspersky expert. “The first sign is to stop receiving notifications, SMS messages, and phone calls. WhatsApp even stops working, and the person no longer receives messages even in groups”, says Assolini.
From there, you need to contact the operator. “It can be by phone or in person, but it is recommended that it be in person. In the store, she can activate the number on a new chip on the spot and already solves the problem”, she says.
Assolini also cites a measure that does not stop the coup from happening, but at least makes it very difficult for criminals to act. “Enable two-step authentication on WhatsApp. It is a six-digit PIN code that is requested from time to time for the user to remember. Thus, if the criminal does the SIM Swap and does not know this password, he will not be able to enable it. WhatsApp on that number, “he explains.
The researcher warns that, although two-factor authentication is an extra layer of security, it is good to avoid that the additional method used is a code sent via SMS – if the number has been stolen, who will receive this code is the scammer and not the victim. Therefore, he recommends the use of applications that generate authentication tokens.