The recent extortion of a few people through their compromised WhatsApp accounts has put the spotlight back on a hacking tool that had surfaced less than two years ago: using a WhatsApp account to start a chain blackmailing and phishing scam.WhatsApp is now an inbuild application in most of the mobile phones it gives an ease of sending messages, videos, photos, calling and even sharing documents. Hackers have always been ahead to gain access to these applications. This time hackers have gained access to whatsapp and are blackmailing with some personal photos and chats after gaining access to these aplications .Recently Maharashtra Cybercell has issued an advisory for WhatsApp users, alerting them about a recent modus operandi used by hackers for gaining access to WhatsApp accounts.
Let us see how it works.
When a WhatsApp user changes their phone, he/she will have to verify that the new device is linked to his/her mobile number. This is done through WhatsApp verification code. The hacker knows the user’s mobile number and this whole series of attacks begins with one person (Mr P). If Mr P shares his WhatsApp verification code, he allows the hacker to gain access to his account.
Once Mr P’s account is hacked, the hacker gets access to all his contacts as well as groups. A chain reaction begins after this. Knowing that Mr K is the most contacted person from Mr P’s list, the hacker impersonates Mr P and convinces Mr K that his WhatsApp verification code is not reaching him, so he has sent the code to Mr K’s phone. Mr K falls for the trap without realising that it is his own verification code. As he shares the code, the hacker hijacks his account also.
Once Mr P’s account is hacked, the hacker gets access to all his contacts as well as groups. A chain reaction begins after this. Knowing that Mr K is the most contacted person from Mr P’s list, the hacker impersonates Mr P and convinces Mr K that his WhatsApp verification code is not reaching him, so he has sent the code to Mr K’s phone. Mr K falls for the trap without realising that it is his own verification code. As he shares the code, the hacker hijacks his account also.