This WhatsApp Call Forwarding Trick Allows Hackers To Hijack Your Account
WhatsApp, the messaging app owned by Meta that employs the end-to-end encryption Signal Protocol, is massively popular worldwide. The app boasts more than 2 billion users, which is over a fourth of the world's population. Unsurprisingly, given the app’s popularity, scammers and hackers often target WhatsApp and its users. Some phishing campaigns use WhatsApp as a means to deliver malware to users’ devices, while others go after their accounts.
Rahul Sasi, founder and CEO of CloudSEK, a cybersecurity AI firm, recently drew attention to a phishing attack that targets WhatsApp accounts and leverages phone call forwarding. Each WhatsApp account is tied to a phone number, and bad actors are calling these phone numbers directly and employing social engineering techniques to trick victims into handing over their WhatsApp accounts. However, victims may not suspect that the calls are related to WhatsApp in any way until it’s too late.
Rahul Sasi, founder and CEO of CloudSEK, a cybersecurity AI firm, recently drew attention to a phishing attack that targets WhatsApp accounts and leverages phone call forwarding. Each WhatsApp account is tied to a phone number, and bad actors are calling these phone numbers directly and employing social engineering techniques to trick victims into handing over their WhatsApp accounts. However, victims may not suspect that the calls are related to WhatsApp in any way until it’s too late.
Rather than trying to steal login information directly from account owners, the attackers are instead tricking users into setting up call forwarding. Cell service providers offer call forwarding that customers can set up by dialing the number they wish to receive forwarded calls preceded a Man Machine Interface (MMI) code. An attacker can use social engineering to convince victims to dial a phone number controlled by the attacker preceded by a call forwarding MMI code. For example, an attacker might convince a victim to dial **67* followed by a regular 10 digit phone number.
Once the victim unwittingly sets up call forwarding, the attacker will attempt to log into the victim’s WhatsApp account and select the option to receive a phone call conveying a one-time password (OTP). The call from WhatsApp will then be forwarded to a phone number owned by the attacker, and the attacker can enter the OTP to gain access to the victim’s WhatsApp account. The attacker finalizes the account takeover by enabling two-factor authentication (2FA), locking the victim out of the account. WhatsApp users should set up 2FA now to protect their accounts and prevent bad actors from carrying out this kind of attack.
Once the victim unwittingly sets up call forwarding, the attacker will attempt to log into the victim’s WhatsApp account and select the option to receive a phone call conveying a one-time password (OTP). The call from WhatsApp will then be forwarded to a phone number owned by the attacker, and the attacker can enter the OTP to gain access to the victim’s WhatsApp account. The attacker finalizes the account takeover by enabling two-factor authentication (2FA), locking the victim out of the account. WhatsApp users should set up 2FA now to protect their accounts and prevent bad actors from carrying out this kind of attack.
