The digital world offers conveniences, but it also brings new threats. One of the techniques being used for scams is ‘spoofing,’ a method in which attackers impersonate users for malicious purposes.
How does ‘spoofing’ work on WhatsApp?
This method includes SIM card cloning or the use of attacks such as QRLJacking (Quick Response Code Login Jacking), which affects applications like WhatsApp Web. In this attack, the cybercriminal sends a fake QR code that the victim scans, giving them full access to the person’s profile and allowing the attacker to intercept and manipulate conversations.
The danger of fake QR codes
One of the highest risks occurs when the user scans a malicious QR code. Unbeknownst to them, the victim enables the criminal to spy on their conversations and impersonate them by sending messages in their name. This is especially serious, as the user continues to access their account without realizing that someone else is also doing so secretly.
Measures to protect against spoofing and QR code attacks
To avoid becoming a victim of these attacks, ESET Latin America recommends the following preventive actions:
-Verify the source of the QR: Never scan QR codes from untrustworthy sites or those received via messaging, email, or social media. Make sure to scan only from the official WhatsApp page.
– Enable two-step verification: This additional code offers a layer of protection that makes it difficult for attackers to access your account.
-Check your active sessions: From the WhatsApp settings, you can check the sessions open on other devices and close them if you identify any suspicious activity.
Other common scams linked to ‘spoofing’
Another type of fraud is verification code theft, where the attacker pretends to be a friend or family member and requests a six-digit code that the victim receives by mistake. Remember, never share this code.
Warning signs of scams on WhatsApp
WhatsApp suggests being attentive to:
– Requests to open links or share personal information.
– Requests for money or payment for the use of WhatsApp.
– Messages from unknown people trying to gain your trust.
If you suspect that you have been a victim of a scam, block and report the user on WhatsApp and review your privacy settings to limit access to your personal information.
Staying informed and acting with caution is key to avoiding falling into the traps of spoofing and other digital scams.