This WhatsApp Call Forwarding Trick Allows Hackers To Hijack Your Account
Rahul Sasi, founder and CEO of CloudSEK, a cybersecurity AI firm, recently drew attention to a phishing attack that targets WhatsApp accounts and leverages phone call forwarding. Each WhatsApp account is tied to a phone number, and bad actors are calling these phone numbers directly and employing social engineering techniques to trick victims into handing over their WhatsApp accounts. However, victims may not suspect that the calls are related to WhatsApp in any way until it’s too late.
Once the victim unwittingly sets up call forwarding, the attacker will attempt to log into the victim’s WhatsApp account and select the option to receive a phone call conveying a one-time password (OTP). The call from WhatsApp will then be forwarded to a phone number owned by the attacker, and the attacker can enter the OTP to gain access to the victim’s WhatsApp account. The attacker finalizes the account takeover by enabling two-factor authentication (2FA), locking the victim out of the account. WhatsApp users should set up 2FA now to protect their accounts and prevent bad actors from carrying out this kind of attack.