During the year 2022, in Latin America there were 137,000 million cyberattack attempts according to fortinetbeing Peru, Mexico and Brazil the countries in which phishing (deception of users) was the most used modality and the one that prevails in WhatsApp with a false message or impersonating someone or a brand.
This year the messaging app was used by cybercriminals to make non-existent job offers, requests for money from fake accounts and attempts to steal users’ verification codes.
Cases that should serve as an alert and a learning opportunity for all those who use the platform, since these practices are not going to stop and, on the contrary, will evolve into new formats so that deception is much less evident. So here is a summary of the most used methods in 2022 to keep them in mind and not fall for them.
It may interest you:
false support system
Obtaining the verification code of an account is one of the most repeated objectives in 2022. Having this combination of numbers will allow the criminal to access a person’s account, since it is a unique password per user and allows the profile to be opened from another device.
So one method was to message people claiming to be the support system of WhatsApp and warning of a login from a iPhone 7. In the message they asked the user to answer if it was him or not, in the event of a refusal they insisted to the point of threatening to block the profile.
What they were looking for was that the victim will send the code to supposedly confirm the login. Being an obvious scam because the application does not have a support account within the same application and they never ask for that code by other means.
Although this theft attempt is not properly within the platform, it does use it as an excuse, because it sends the person a text message with a false confirmation code accompanied by a link, which is the real trap.
What the cybercriminals want is for the victim to enter that link so that malware can be downloaded to the phone and carry out another type of attack.
If you receive this message, it is important to check if someone else is trying to access the account. Going to Settings > Account > Two-step verification will bring up the option to create the six-digit code to support the account and compare it with the false code sent in the SMS, which must be deleted and the number reported.
Job offers and raffles
This scam was repeated several times this year. Using the name of well-known companies, the criminals sent messages to users through WhatsApp warning of a job offer from home, with a high payment and for a few hours.
The trick was to enter the link from where the process of linking to the company was supposedly carried out, but in reality it was the entrance to the download of viruses that affect the phone or the opportunity to collect personal data with false forms.
The modality was repeated with messages about raffles in which the victim had won a prize or where they could participate, as well as false offers for a premium version of WhatsApp that promises new functions.
You should always be wary of these kinds of extraordinary offers that are too big to be real.
a false contact
Account theft is to continue attacking more users, since by taking a profile they also have access to their contacts and conversations, which gives the victim more confidence to deliver information.
The Argentine journalist Jorge Heili was a victim of this scam. He was going on a trip to Spain and a friend told him that an acquaintance of his was selling euros, so he contacted him for the process, but in reality the person behind the account was a cybercriminal who had previously stolen it with the aim of obtaining other people’s data and money.
A similar case alerted from Spain. This time an unknown message came to the chat saying that he was a relative who was abroad. The person had to guess what it was about and by giving a name they started the scam by posing as that contact with the idea of asking for money or information.
In this type of situation, the best way to verify that it is someone you know is by calling the cell phone directly or speaking with a third party to confirm the situation.