You may have never seen them before, but they are formidable. WhatsApp indeed understands short codes starting with * or # (but also **, *#). These are used to redirect calls but not only: as indicated by Bleeping Computer and Android MT, it is possible by composing a special code to cause the redirection of text messages to a number controlled by a malicious person.
As indicated by Android MT, this type of attack is developing in France. Usually it’s one of your contacts who, after having his account stolen, writes to you to let you know, for example “I’m having trouble with WhatsApp, please dial this number on your phone, I’ll explain later”. The rest depends on the hacker’s intentions and the code he has chosen.
These codes help hackers steal your WhatsApp account
Depending on this, the continuation of the attack may differ. For example, in some cases, SMS forwarding works, but only when the victim is on a call. So, to steal the account, hackers can try to call the victim several times while trying to install WhatsApp on a smartphone under their control.
Once in possession of the OTP security code sent by SMS, nothing can stop them. Unless maybe you have password protected all of your conversations. Of course, WhatsApp still notifies victims when this happens. But the pirate can often try – successfully – to confuse it. By claiming, for example, that it is the fault of his completely buggy WhatsApp account.
Android MT reports that card plan users may fall more easily into the trap. Some operators, especially abroad, offer these redirection codes as part of their procedure for recharging minutes and data. To protect against these threats, obviously, one of the best tips is to set a password to protect your account.
Beyond that, none of your real contacts is likely to push you to manipulate your own WhatsApp account for them. If in doubt, when you receive such messages, do not hesitate to call your correspondent directly to ask him in person what is going on, especially if you know him personally.