Hackers steal WhatsApp accounts using call forwarding trick

[MH86]

Content source

https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/

There’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and contact list.

The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and WhatsApp’s option to send a one-time password (OTP) verification code via voice call.

It takes just a few minutes for the attacker to take over the WhatsApp account of a victim, but they need to know the target’s phone number and be prepared do some social engineering.

The attacker relies on social engineering and convinces the person to make a call to number containing a MMI code (*xx#), this in turn activates the call-forwarding on your number, and allows the attacker to recieve a whatsapp OTP via voice call, which in turn leads to the account takeover.