When the WhatsApp application is installed on a new computer, the phone number associated with the account must be entered. An SMS message then arrives with a six-digit verification code to validate the user's identity. Up to this point the process sounds simple; however, these steps are being exploited by cybercriminals who seek to take control of accounts, both of users and of companies.
How does it all happen? The victim receives a message on their phone, by SMS or via WhatsApp, asking them to please resend the six-digit code that was sent to their phone by mistake. The message may come from a contact who has lost access to their own account or from an unknown number.
What happens next: if the unsuspecting victim resends the code that arrived unexpectedly, it is likely that they will lose control of their WhatsApp account if they did not have two-step authentication enabled, explained the computer security company Eset.
Why is it important to enable two-step authentication?
Camilo Gutiérrez Amaya, head of the Eset Latin America Research Laboratory, said that protecting the WhatsApp account and other social networks is a duty of each user, so he recommended not clicking on suspicious links or filling in information in forms of dubious origin. He also indicated that activating the two-step authentication option is another way to avoid account hijacking.
On the WhatsApp corporate blog, the company is emphatic: never share the WhatsApp SMS verification code with other people, not even family or friends.
How to activate two-step verification in WhatsApp?
The first thing is to open the Settings option at the top of the application (Android) or Settings at the bottom (iOS). Then go to Account and touch Two-Step Verification, select Activate, choose a PIN and write it down.
The application then asks you to enter an email address and confirm it. Adding the email is optional; however, it is recommended because it makes account recovery easier.
Please note that the 2-Step Verification PIN is different from the 6-digit registration code you receive via SMS or call.
How to recover a WhatsApp account when it is stolen?
WhatsApp said that if for any reason you suspect someone else is using your account, you must notify your contacts, because that person might impersonate the account owner in individual and group chats.
Keep in mind that WhatsApp provides end-to-end encryption and messages are stored on your device, so if someone accesses your account on another device, they won’t be able to read your past conversations.
If you have already lost it and need to recover it, follow this process:
– Register on WhatsApp with the phone number and enter the six-digit code that you will receive by SMS message to verify the number.
– Once you enter the six-digit code sent by SMS message, the session of the person with access to your account will be automatically closed.
– You may also be asked to enter a two-step verification code. If you don't know that code, the person with access to your account may have activated two-step verification. In that case, you must wait seven days before you can access the account without the two-step verification code.
– Regardless of whether you know the 2-Step Verification code or not, the person with access to your account will be logged out as soon as you enter the six-digit code sent by SMS message.
It also happens on social media
The most common path by which cybercriminals reach their potential victims is through social engineering attacks (phishing, messages that seem very real), which they carry out through direct messages or emails.
How do they operate in this case to gain trust? They can send the user a DM on Twitter, for example, pretending to be one of the official accounts of the social network and saying that an email or a code has just arrived. That's when you get fake notifications that look real.
With this they try to get the user to disclose confidential information and so violate security policies: they ask for access codes, for example the two-step authentication code, in order to take over the account.
How to set up two-step verification on social networks?
– Instagram: open the profile, click on the three bars in the upper right corner of the screen, select Settings and then go to Security. To activate two-step authentication: go to Settings, then Security, select Two-step authentication, click Get started and then select how you want to receive the code (text message or generated in an authenticator app).
– Twitter: If you want to review the security settings on this social network, go to the option Settings and Privacy found in the menu and activate the option Session verification, which will send a text message with a code to the mobile phone; that code will be required to start using Twitter.
In this way, if the password is stolen, they will not be able to get in. To activate Two-Factor Authentication you must go to Security; there are also other additional methods such as SMS, security key, backup codes and temporary password.
– Facebook: To be clear about the level of security risk on this social network, first go to the Settings option found in the menu on the left and then go to Security and privacy; once inside (Security) you can define the values you want to have a greater or lesser impact on the security of the account.