Security experts have warned WhatsApp users of a major security scam targeting their accounts on the world's most popular messaging application.
The threat allows attackers to lock down your account by deactivating your account, and bad actors need to cause all this havoc more than knowing your phone number.
The horrific new scam was first highlighted by two security experts in Forbes magazine, with security researchers Luis Marques Carpentero and Ernesto Canales Perina warning that anyone could be banned from accessing their account within 36 hours.
The attack is carried out when the hacker tries to install the WhatsApp application on his devices and enters the victim’s mobile phone number during the initial account creation process, and if someone does this, the victim will receive a text message from WhatsApp giving him an important 6-digit code required to complete the setup process.
If the hacker cannot convince the victim to send this code; The possibility of him being able to guess is almost impossible; Therefore, the attacker will try to enter using the wrong codes, and it will continue to fail.
So far, there is no problem, but the problem appears after a number of failed attempts, and WhatsApp will stop creating these codes. The chat application will inform the victim that someone is trying - and failing - to set up WhatsApp, and that they have to wait 12 hours before resending the SMS.
After the 12-hour period is over, the attacker follows the same method to try random codes, then fails, and WhatsApp again stops generating the codes for another 12 hours, and while no new setup codes are generated, the attacker can create a fake email address and contact WhatsApp Support.
The attacker provides the victim's phone number to the support agent, says that his account has been lost or stolen and requests that it be deactivated.
The support agent then locks the user's account, without verifying that the person they are contacting via email is an attacker with the victim's phone number.
And if the attack reaches this point, and the attacker sends a message to WhatsApp support on behalf of the victim, the latter will have a major headache trying to recover his account. It will be too late at this point, the researchers say, and the victim will have to try to find someone from support to talk to in person.
Speaking about the threat, Jake Moore from ESET, an information security company, says, "This is another worrying hack, which could affect millions of users who are likely to be targeted by this attack. With so many people relying on WhatsApp - as their primary communication tool for social networking and work - it is alarming how easily this can happen."
