In this scam, fraudsters try to log in to their victim's WhatsApp account via a call in order to steal data and phone numbers.
Anyone who complies with the request to enter a certain code has fallen into the trap.

And this is how it goes

The fraudsters use a telephone call to try to convince their victim to type a certain combination of numbers into the phone. It is a specific number preceded by an MMI code. This starts with **67* and 10 more digits or first ten digits and then *405*. Anyone who complies with this request will be logged out of their WhatsApp account and the fraudsters will have full access to it.

Rahul Sasi, founder of cybersecurity company CloudSEK, warned about this scam on Twitter.

What happens when you enter the code?

The trick is that call forwarding is set up. The code entered by the data subject in this case is a service request to the Indian communications companies Jio and Airtel, which set up call forwarding to another number if the data subject's number is busy.

Rahul Sasi further describes the process in that the attacker tricks the victim into staying on the line while a WhatsApp registration process for the affected number is running in the background, in the backend. Because the victim is on the line and it is busy, the fraudsters receive the code via the phone number they provided for call forwarding. If you activate two-factor authentication in the next step, you would have full control. Legitimate owners now have no way of accessing their accounts, according to the BleepingComputer . There are no longer any barriers to fraud.

“Every country and service provider has a similar service request number, so this trick works worldwide.”

Rahul Sasi

So be careful: In Germany it is the GSM code **21* that sets up call forwarding. The fraud method described above could also be used in Austria.

Therefore: If you are asked to enter a code on the phone, hang up immediately and block the number! BleepingComputer also emphasizes that protecting against attacks of this type is as easy as enabling two-factor authentication protection in WhatsApp. “This feature prevents malicious actors from gaining control of the account by requiring a PIN when you register a phone with the messaging app.”

Related: WhatsApp fraud continues

Sources: futurezone , BleepingComputer


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )