Millions of users around the globe have been using their instant messaging application account, WhatsApp, during years. Here they have accumulated all their contacts, chats and content to be able to consult them if necessary. It must be taken into account that this account is generally associated with our mobile number.
For this and many other reasons, in most cases we do not want, under any circumstances, to lose that account that we are talking about. However, the attackers are precisely what they are looking for for different reasons, and now we are going to talk about a situation in which we can become the victims while we are sleeping or traveling on an airplane.
And it is that an attacker who is keeping an eye out can take control of our WhatsApp account in a much easier way than we can think. Precisely for this reason we are also going to talk about the way to protect you so that this theft does not happen, we already use it from the mobile or the PC.
How they steal our WhatsApp account
It must be said that the aforementioned attackers who want to take control of our account can take advantage of the unavailability of the user at that moment. Specifically, we mean that at a certain time and for several hours, the victim is not available to respond to the verification checks of the messaging platform. For example, this happens when we are sleeping and we put the mobile in do not disturb mode, or something similar can happen when We travel by airplane.
In these common situations, we run the risk of losing the WhatsApp account without realizing the process. All the attacker needs is our phone number, as we’ll see now. The method is simpler than we think, since initially the attacker tries to log in to our whatsapp account. Thus, as part of the verification process, the app sends a SMS with a PIN to the number linked to that account.
As we tell you, at that moment the victim is not available because they are sleeping, for example, so they do not realize that there is a suspicious login. The attacker then informs the WhatsApp support service that the SMS has not arrived. He then requests verification through a phone call. The account owner is still unavailable so he can’t pick up the call and it goes to the number’s voicemail.
The attacker knows our phone number, so he tries to access the voice mail by typing the last four digits of it. This is usually the pin code default to access the voice mail of our mobile.
Protect your messaging app account
At that moment, the attacker already has the WhatsApp verification code and can use it to access our account. You then have the ability to set up your own two-factor authentication method leaving the rightful owner without access to their own app account. Later on, you can use it for all kinds of malicious tasks that can even affect our contacts.
To protect it and prevent this from happening, the first thing to do is change the default PIN for our voicemail. In addition, it will always be advisable to activate the security system of two-step verification in our account and thus protect ourselves from this attack and many others.