Rahul Sasi, founder and CEO of CloudSEK, a cybersecurity AI agency, just lately drew consideration to a phishing assault that targets WhatsApp accounts and leverages cellphone name forwarding. Each WhatsApp account is tied to a cellphone quantity, and unhealthy actors are calling these cellphone numbers immediately and using social engineering methods to trick victims into handing over their WhatsApp accounts. However, victims could not suspect that the calls are associated to WhatsApp in any approach till it’s too late.
Once the sufferer unwittingly units up name forwarding, the attacker will try and log into the sufferer’s WhatsApp account and choose the choice to obtain a cellphone name conveying a one-time password (OTP). The name from WhatsApp will then be forwarded to a cellphone quantity owned by the attacker, and the attacker can enter the OTP to achieve entry to the sufferer’s WhatsApp account. The attacker finalizes the account takeover by enabling two-factor authentication (2FA), locking the sufferer out of the account. WhatsApp customers ought to arrange 2FA now to guard their accounts and forestall unhealthy actors from finishing up this type of assault.