WhatsApp may be simple, the most important application there is. Already in Spain, where for years the most used messaging system and, perhaps, the most usual communication mechanism has existed, with various differences. Yes, of course, the criminals know this. For this reason you intend to exploit it to cause problems for users and, if possible, steal their money.
In recent years it has been localized through the application of several stafas campaigns. We explain how to recognize them and avoid them.
When the SMS code appears
Lleva desarrollándose years and years. Criminals are usually sent via companies, institutions or even the application’s technical service to request a code that can be recovered via SMS. The excuses you use are very varied. Sometimes it says that the user won a lottery. Others that your app account has been hacked or that you are under a security audit.
Sea like sea, in these cases it is normal to go and get the application’s authentication code, which the user receives via SMS when he is intent on opening the current account on a new mobile phone. If you log out and do not keep the double-factor authentication option offered by WhatsApp activated, the user will lose your account. And you may be supplanted, then. Furthermore, in these cases, recovering it can be complicated, because it is not possible to directly contact the app from another interlocutor, and the process can be simple, in several days.
When you are offered a well-paying job
In recent weeks, several malicious campaigns have been developed through messaging applications, including via Telegram and Signal, when criminals approach the user with job offers that are a chollo and where, presumably, the pages offered are worth around 100 euros. of the diaries.
If the user is interested in the offer, criminals will have to spend a sum of money to access the service. A place that evidently does not exist.
When piden you see YouTube
Recently, electronic security company ESET warned of a version of this previous operation in which criminals were offering money to modify their interaction with videos on YouTube. Even if at the beginning the delincuentes cumplen and pagan, there is a moment in which it forces the user to subscribe a sum in order to continue completing the work. Here I will recover all the inversion and with the increases.
When a stranger says hello to you
You’ve probably spent more than one occasion. Open WhatsApp and you find yourself with a message in which only a ‘Hola’ (or a ‘Ciao’, in English) appears from an unknown and, usually, foreign number. In this type of campaign, criminals try to start a conversation with the victim without notifying them, sharing data such as place of residence or email. All with the aim of using this information in future phases.
Another classic. In these cases the criminals are met by friends and relatives and told that they are in a foreign country and need money. There have also been times when the problem is at the airport or says he changed the victim’s cell phone. There may be many excuses, but the end goal is always the same: money.
Tricks to avoid it
In the vast majority of cases this type of operation is carried out from there unknown and in many cases even unknown telephone numbers. If the user receives a message from someone who is not in their contact list, he should be warned and discouraged from the first moment. In these cases, if the only person who says is «Hola, qué tal», the best thing is not to respond and, directly, block.
The same goes for them generic messages about the one that simply tells you that it is your mother, your daughter or your sobrina who pays the money. In these cases, sometimes, you may have some doubts about the veracity of the communication, but cyber security experts recommend verifying the veracity of the message elsewhere. For example with a real call to the phone of the person you are supposedly trying to contact.
You actually don’t need to send money unless you’re completely convinced that it’s not a story, because malicious campaigns like this have been very common for years.
Y the same step with requesting the required codes via SMS. There is no need to ever share them, because there is no company that requests data in this way via WhatsApp. Again the user must be careful because criminals steal the account from someone who is used to trying to reach their contacts. Therefore, if someone places a key that links to the message, even if it is an acquaintance, he must carefully look at what is there before transmitting it.
