Whatsapp Web, the hacker scam: “I miss you so much.” Experts: “Watch out for innocent-looking images”

Message reports are on the rise «suspicious and dangerous» that are sent to Whatsapp accounts. But beware, these are not the Whatsapp profiles installed, through the Android and Apple digital stores, on our smartphones but those of Whatsapp websiteor the online application that we use from the browser and different from Whatsapp Desktop that is downloaded directly to the device (in fact it is a real application for PC or tablet, ed.).

What is happening

Who has never received “strange” messages on their device? SMS on mobile phones, emails in your inbox or even text or multimedia messages on Whatsapp. These tools are used by computer hackers to obtain sensitive and personal user data: Hackers, in fact, always (or almost always) enter one or more links in the message to click.

A scam message has been circulating on WhatsApp for some time: it is a message sent from a number unknown to us and not present in the address book. It usually comes from abroadas evidenced by the presence of international prefixes.

In the image we can see the prefix +91– This is India’s International Dialing Code for Direct Dialing (IDD) and is used to make international calls to India. A little like our +39. And while the Russians have the best hacking school in the world, the Indians are no less. There are even many references in series products, including “La Casa De Papel”. But to venture to say that the scam is the work of Indians would be too pretentious: it is certain that Indian servers and repeaters are often used because they use bounce signals that are difficult to trace (without going into details with technicalities that might bore readers ). , ed.).

Go back to the scam message the text is always the same: «Hello, it’s been a while since I contacted you. I don’t know if you still remember me, so I sent you a picture of me. I miss you moll. How are you? I have switched to a new Whatsapp account and I would like you to add my new Whatsapp account. Here we can connect better…».

What to consider: First of all, it is not a text message but an image that has the function of attracting attention, but above all it allows the scammer to interact by pressing the digital button “click here”. This allows hackers to send the victim to Malicious softwaremalicious software or code, hidden inside a seemingly harmless image that you simply click on to compromise your account.

Clicking on the image made the hackers receive access to archived account dataWhatsApp or Telegram, such as those related to contacts.

Whatsapp web issue

Whatsapp Web, according to experts, contains weaknesses, although things have improved over the years. The instant messaging application uses end-to-end encryption as a safety measure, and paradoxically it was precisely this characteristic that prevented the company’s technicians from noticing the presence of the fault. By not being able to see the content of the users, they were unable to prevent the sending of malicious messages.

“This situation exposes hundreds of millions of WhatsApp Web users to the risk of having their account stolen,” he explains. Oded Vanunu by CheckPoint. “Simply by sending an innocent-looking photo, an attacker could gain control of your account, access your message history, photos that have been shared, and send messages on your behalf.”

The solution

It’s simple: don’t click on the link and immediately block the number on WhatsApp. To avoid clicking on it by mistake, it would also be preferable to cancel the chat. Before answering and especially clicking on links, let’s think with a clear mind. An old acquaintance should certainly not return shrouded in so much mystery and send us elsewhere to find out.

Source : IL Messaggero

Related Stories