Fraudsters use Ministry of Health to clone Whatsapp – News

Criminals are sending messages to Whatsapp users, disguised as Health Ministry officials who are said to be registering for vaccinations against the Coronavirus. The warning was issued this week by cybersecurity companies.

This technology, like other scams, uses the goodwill of the victim to circumvent even WhatsApp’s double authentication, a feature that has the function of preventing the user from stealing their account and falling victim to financial fraud.

After approaching the victim, posing as a ministry official, the criminals seek to persuade the user to provide a six-digit code that is sent via SMS to “confirm that the search has been conducted.”

In fact, fraudsters use the password request feature to double authenticate the user, and access Whatsapp through the computer. The code is sent to the victim’s cell phone and they ask the victim to pass the numbers on. If two-stage authentication is not enabled, the account can now be copied at this point.

If enabled, they terminate the alleged search and contact the victim again, but this time, disguised as a messaging app support. Under the justification of identifying malicious activity, the user is directed to access their email and conduct a double authentication record.

“What surprised us the most was that both the message and the link to restore double authentication were legitimate, that is, they were sent by the app owner,” says Fabio Asolini, Kaspersky’s chief security researcher.

“In the same way that we can request password recovery in an online store, we can request to restore the application’s double authentication, in case the password is forgotten. The fraud uses social engineering, forcing victims to click on the link received,” complete.

See also  A new Gmail shortcut lets you delete them in moments

Assolini also explains that scammers stay online while the victim accesses the email and link and indicates that the landing page, in fact, disrupts authentication in two steps. The idea is to allow the person to create a new password when the job is activated again.

“Cyber ​​criminals are taking advantage of the fact that the account is not protected and are using the temporary code that was received on the first call to perform the installation on their device,” he says. “This way, they can track the scam, and contact friends and family to ask for money.”

According to Kaspersky, it is imperative to avoid being a victim of a scam Enable dual authentication on WhatsApp. However, the company notes that only WhatsApp can provide a definitive solution to this and end the scams that involve account theft. It is important to remember that authentication passwords should never be provided over the phone.

He adds: “From a security point of view, the application should improve the process of restoring double authentication, and allow the registration on the company’s own page, rather than the procedure of disabling.” In this way, the scheme is rendered useless. “

a R7 He requested a position in the Ministry of Health, which has not yet expressed itself.

* Intern R7 Under the direction of Fabio Florey

You May Also Like

About the Author: Osmond Blake

"Web geek. Wannabe thinker. Reader. Freelance travel evangelist. Pop culture aficionado. Certified music scholar."

Leave a Reply

Your email address will not be published. Required fields are marked *