It all starts first by receiving an SMS message from WhatsApp technical support -or at least that’s what they say-, to communicate that your phone number, the one you have linked to your WhatsApp account, has been registered in a new account.
WhatsApp wants to know if the person they are addressing is the owner of the account, and that is why they ask you to resend them a six-digit security code that they will receive via SMS. The problem is that if you send that code to him, the person on the other side of the conversation will be able to steal your WhatsApp account and take over your number, your contacts and your chats. It is not WhatsApp technical support, it is a cybercriminal using a scam that began to be used massively last year.
Steal your WhatsApp account with an SMS
The thing works like this:
- A cybercriminal steals the WhatsApp account from a contact of yours of the app, gaining access to your contact book. Now decide to go for them, you included.
- To achieve this, the type / a install WhatsApp on a device you own and enter your phone number to associate it with the application
- The WhatsApp system send to that number that the hacker tries to register (your number) the verification code you need for security reasons, to verify that it is the correct user and finish the app installation
- The hacker knows that you just received an SMS with a 6-digit code, and using the number that he has taken from one of your contacts, he impersonates the technical service to ask you to please pass it on.
- If you do, the cybercriminal may end the registration of your WhatsApp account on your device, and at that time it will remove your access to it, having access to your contacts and groups.
In case this message reaches you, delete it immediately and notify your contact to tell him what happens to his account – but not by calling him on his mobile, but at another number. You can also do like this Twitter account and trolling the hacker that well.
Set up 2-Step Verification
It has been the cybersecurity company ESET that has given the alert that a method that we already saw in 2020 was being used again. Therefore, a tip so that this does not happen to you is to activate the two-step verification system in your WhatsApp.
When you activate two-step verification, any attempt to verify your phone number on WhatsApp must be accompanied by a six-digit PIN that you, and only you, will have created.
To enable 2-Step Verification:
- open WhatsApp
- Go into Settings
- Inside settings look for Bill
- Here you will see among the options a call Two-step verification
- give to Activate.
When you enable this feature, you can optionally enter your email address. This email address allows WhatsApp to send you a link with which you can deactivate the two-step verification, in case you forget your six-digit PIN, and thus protect your account. Please note that WhatsApp does not verify this email address to confirm its validity, so it is recommended that you enter A valid e-mail address so that you are not denied access to your account if you forget your PIN.
In case you receive an email to deactivate 2-Step Verification without requesting it, please do not click on that link. Someone may be trying to verify your phone number on WhatsApp. If you have two-step verification activated, it will take 7 days without using WhatsApp for your number to be verified again. This way, if you forget your PIN and don’t receive an email to deactivate 2-Step Verification, you will have to wait 7 days to re-verify your number.
After those 7 days, you will be able to verify your number without having to enter your PIN, but all the messages you have received during that period will be deleted and cannot be recovered. If 30 days have passed since WhatsApp was used for the last time, without your PIN, and you verify your number again, your account will be deleted but you will be able to create a new one, verify your number and establish a new PIN.
To help you remember your PIN, WhatsApp will ask you to enter your PIN regularly when you access the app. There is no way to disable this feature unless you completely disable the 2-Step Verification feature, although it is a good way to stick with the number you have chosen for sure.