Warning over WhatsApp voicemail scam that could give hackers access to your account
- Scammers try to access a user's WhatsApp account via their voicemail inbox
- They first attempt to download and verify the app using victim's phone number
- By carrying out the attack at night, they bank on the user not checking their phone and take advantage of WhatsApp's six-digit verification code
- After getting the code, scammers can log into the user's WhatsApp account
A worrying new WhatsApp hack could give cyber criminals access to your account.
Scammers attempt to gain access to a user's account by taking advantage of weakly secured voicemail inboxes, according to Naked Security, a blog run by British security company Sophos.
The attacks became so prevalent that Israel's National Cyber Security Authority issued a nationwide warning.
Scroll down for video
A new WhatsApp hack could give cyber criminals access to your account. Scammers attempt to gain access to a user's account by taking advantage of weakly secured voicemail inboxes
To start, attackers try to install the WhatsApp app on their own phone using a legitimate user's phone number.
WhatsApp attempts to verify the login attempt by sending a six-digit verification code via text message to the victim's telephone.
Hackers try to do this when the victim may not be checking their phone, such as nighttime.
WhatsApp then gives users the option to send the six-digit code via a phone call with an automated message.
Since the user isn't checking their phone, the message ideally goes to their voicemail.
The scammer then takes advantage of a security flaw in many telecommunications networks, which provides customers with a generic phone number to call and retrieve their voicemails.
For many voicemails, users only have to enter a four-digit PIN, which if they haven't changed it, is typically an easy password such as 0000 or 1234 by default.
Hackers enter the password and gain access to the victim's voicemail inbox, thereby allowing them to listen to the pre-recorded message from WhatsApp that contains the six-digit code.
They enter that code into their own device, giving them complete access to the victim's WhatsApp account.
Experts recommend users turn on two-factor authentication on their account, which adds an extra layer of security, as well as make sure they have a strong PIN on their voicemail inbox
Making matters worse, particularly savvy hackers can set up two-factor authentication for the WhatsApp account, which requires users to enter a unique PIN code if they want to re-verify their phone number.
This prevents the victim from regaining control over their own phone number, Sophos noted.
The attack was first documented by Ran Bar-Zik, a web developer at Oath, but resurfaced again in a new report by ZD Net.
Israeli security officials have warned that the attack has been on the rise in recent weeks.
They recommend that users turn on two-factor authentication on their account, which adds an extra layer of security to your account.
'Using application-based 2FA...mitigates a lot of the risk, because these mobile authentication apps don’t rely on communications tied to phone numbers,' Sophos researchers explained.
Users can do that by navigating to Settings in WhatsApp, then tapping 'Account.' Navigate to the 'Two-step verification' heading and tap 'Enable.'
Further, experts say users should make sure they have a strong PIN on their voicemail inbox.
Most watched News videos
- Moment police in Leeds forcefully take children out of the house
- Moment man flees after ramming £200,000 Lamborghini into pole
- Doctor's advice to patients waiting for medicines amid IT outage
- Israel strikes Houthi targets in Yemen after Tel Aviv drone attack
- Shocking drone footage shows multiple vehicles ablaze in Leeds riot
- Mail tries to hike 'impenetrable' terrain where Jay Slater was found
- Ex-Gov Adviser: IT outage was a 'digital auto-immune disorder'
- Leeds: Moment rioting thugs throw fridge into fire and ignite bus
- Moment gay couple brutally whipped with belt and assaulted in Rome
- Hundreds descend on streets of Leeds for the SECOND night in a row
- Deputy speaker slaps down ex-Tory secretary for 'abominable' behaviour
- Leeds riots: Heartbroken father sobs and begs for his children back