WhatsApp account hacking is frequent nowadays and a new fraud has now surfaced that allows hackers to take control of the messaging app’s accounts with just a phone call.
A report quoting Rahul Sasi, the founder and CEO of CloudSEk, brought attention to the new scam.
When victims receive a call from hackers, they are instructed to dial numbers beginning with ’67’ or ‘405’. They are logged out of their WhatsApp accounts after making the call, and hackers have complete control of their accounts in seconds.
— Rahul Sasi (@fb1h2s) May 23, 2022
“First, you’ll get a call from the attacker, who will persuade you to dial **67*10 digit number> or *405*10 digit number>. “Your WhatsApp would be logged out in a matter of minutes, and the attackers would have complete access to your account,” Sasi stated in a blog post.
They can then route the victims’ calls to a phone number that they possess. Meanwhile, the attackers begin the WhatsApp registration procedure by selecting “the option to send OTP through phone call.” ’ “The OTP will go to the attacker’s phone because your phone is activated,” he explained. The attacker is able to acquire access to the accounts of the victims in this way.
This method may also be used to get into anyone’s WhatsApp account provided the hacker has physical access to their phone and permission to make calls, according to the security researcher. “This method works globally because every country and service provider has an identical service request number,” he continued.