Security experts have warned WhatsApp users of a major security fraud targeting their accounts on the world's most popular messaging app.
The threat allows attackers to close your account by deactivating your account, and the bad actors need to do all this damage no more than knowing your phone number.
The terrifying new fraud was highlighted for the first time by two security experts in Forbes magazine.
Security researchers Luis Marquez Carpintero and Ernesto Canales Berina warned that anyone could be blocked from accessing their account within 36 hours.
The attack is carried out when the hacker tries to install the WhatsApp application on his devices and enter a mobile phone number for the victim during the initial account creation process, and if someone does so, the victim will receive a text message from WhatsApp giving him an important 6-digit code required to complete the setup process.
If the hacker cannot convince the victim to send this code;
The possibility that he could guess this is almost impossible.
That is why the attacker would try to log in with the wrong code, and continue to fail.
So far, there is no problem, but the problem appears after a number of failed attempts, and WhatsApp will stop generating these codes.
The chatting app will inform the victim that someone is trying - and failing - to set up WhatsApp, and that they have to wait 12 hours before resending the SMS.
After the 12-hour period expires, the attacker follows the same method in trying random codes, and then fails, so WhatsApp returns once again to stop generating codes for another 12 hours, and while new setting codes are not generated, the attacker can create a fake email address and contact WhatsApp support. Father.
The attacker provides the victim's phone number to the support officer, says his account has been lost or stolen, and asks to deactivate it.
The support agent then locks the user's account, without verifying that the person calling them via email is an attacker with the victim's phone number.
If the attack reaches this point, and the attacker sends a message to WhatsApp support on behalf of the victim;
The latter will face a huge headache trying to recover his account.
It will be too late at this stage, the researchers say, and the victim will have to try to find someone support to talk to in person.
"This is another disturbing breach, which could affect millions of users who are likely to be targeted by this attack," says Jake Moore of ESET, a company that specializes in information security, speaking about the threat. WhatsApp - as their primary communication tool for social networking and work - it is alarming how easy this can happen. "