
Beware of WhatsApp phishing with fake phone numbers



Cybercriminals are using a spoofed sender number to prey on German-speaking WhatsApp users. The criminals apparently send phishing SMS messages from the same phone number that WhatsApp uses to send its verification codes, as a user reported on Reddit.





Since the phishing SMS uses the same sender number as WhatsApp, it appears below the genuine WhatsApp SMS.

(Picture: EmpiFree on Reddit)

The result: the smartphone displays the phishing messages under the official WhatsApp number, in the same thread as the genuine SMS messages received from the provider in the past. “Whatsapp” appears as the sender.

If you fall for the scam and open the provided link, you are taken to a purported WhatsApp page with an extremely talkative chatbot from “Online Customer Service” that interactively guides the visitor through a “Security Checkup,” for which you must first enter your phone number.

The bot then explains, in perfect German, that you should go to WhatsApp Settings to add a new device under “Linked Devices.” There you should click on “Link device via phone number instead” and enter the six-digit “security code” that the chatbot provides. If you follow the instructions, the fraudsters gain full access to the WhatsApp account and can read and send messages.

The mechanism abused here is actually intended to link the browser on a computer with WhatsApp so that the messaging app can be conveniently used from there. Instead of a verification code, which is displayed on the computer and entered on the smartphone, there is also an option to scan a QR code from the computer screen to link the app.



The customer service bot on the phishing site instructs the potential victim to link a new device to WhatsApp.

However, third parties can also use this practical function to gain permanent access to someone else’s account, either by gaining brief access to an unlocked smartphone or, as in the present example, through social engineering. It is not only cybercriminals who are interested in this; it can also become a problem during or even after a relationship.

If you want to be safe, you can check which devices currently have access to your WhatsApp account under “Linked Devices” in the WhatsApp menu (top right button with three dots). Here you should delete all devices on which you no longer actively use WhatsApp.



Who is reading? Remove all devices that you are not actively using to lock out third parties from your WhatsApp account.

In principle, you should always be wary of messages (SMS, WhatsApp, social media, email, etc.) that contain a link or attachment and urge you to take an action. As the present case shows, the sender is not a reliable indicator for detecting phishing attempts.

In this specific example, the text of the phishing SMS would have stood out, but you can no longer rely on that either. The fraudulent chatbot proves that the criminals are capable of mastering German grammar. With the help of AI language models, this is no longer a hindrance these days, and the next SMS may already be more professionally written.

The only reliable indicator is the domain of the phishing website, which differs slightly from the legitimate WhatsApp domain (whatsapp.com). In general, if you are suddenly asked to do a security check or something similar, it is phishing in most cases.
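
The domain check described above can be automated, for example in a mail or SMS filter. The following is an added example, not part of the original article: it decides whether a link really points to whatsapp.com or only contains the name. The function names, the three verdict labels, the rule that internationalized host names are treated as suspicious, and the `.example` hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "whatsapp.com"  # the legitimate domain named in the article
BRAND = "whatsapp"

def classify_link(url):
    """Return 'official', 'suspicious' or 'unrelated' for one link."""
    if "://" not in url:
        url = "https://" + url  # links in SMS often omit the scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious"  # malformed authority: do not trust it
    if parts.username is not None:
        return "suspicious"  # "whatsapp.com@host": text before @ is not the host
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious"  # policy assumption: IDN labels may hide homoglyphs
    # Exact match or a true subdomain; a bare endswith("whatsapp.com")
    # would wrongly accept "notwhatsapp.com".
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand name inside a host that is not under whatsapp.com.
    if BRAND in re.sub(r"[^a-z0-9]", "", host):
        return "suspicious"
    return "unrelated"

def check_sms(text):
    """Classify every http(s) link found in an SMS body."""
    return [(u, classify_link(u)) for u in re.findall(r"https?://\S+", text)]

# Constructed sample message; the .example host is a placeholder.
SAMPLE_SMS = ("Security check required: "
              "https://whatsapp.com.account-check.example/de")

if __name__ == "__main__":
    for url, verdict in check_sms(SAMPLE_SMS):
        print(verdict, url)
```
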

(Rei)
