The new WhatsApp scam is currently targeting users in India.
On May 23rd, 2022, the founder and CEO of CloudSEK, a contextual AI firm, Rahul Sasi, shared details of a new WhatsApp scam where threat actors try to hijack users’ accounts through phone calls.
The scam is somewhat unconventional: the victim receives a call from the attacker, who convinces them to call a number starting with either 405 or 67. After the call, the victim is logged out of their WhatsApp account, and the attackers hijack it, gaining complete control. Here’s how Sasi explained the entire attack scenario on Twitter.
“First, you receive a call from the attacker who will convince you to make a call to the following number **67*<10 digit number> or *405*<10 digit number>. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account.”
How does the WhatsApp hack work?
According to Sasi, the number the victim is asked to call is an Airtel and Reliance Jio service request for call forwarding when a number is engaged. With it, the scammer forwards the victim’s calls to a number they own and quickly starts the WhatsApp registration process for the victim’s number.
The scammer chooses the option of receiving the OTP through a phone call. Because the victim’s phone is engaged, the call carrying the code goes straight to the attacker’s phone. That’s how the attacker gains control of the victim’s WhatsApp account while the victim is logged out.
Although the scam is targeting WhatsApp users in India at the moment, Sasi explained that an attacker could hijack anyone’s WhatsApp account by getting physical access to the phone and making the call with this trick.
Since every country and service provider uses somewhat similar service request numbers, this trick can have a global impact. The only way to protect yourself is to avoid responding to calls from unknown numbers and not to make calls to such numbers.
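A support desk or message filter can screen for the dial strings Sasi describes before a user is talked into dialing them. The following Python sketch is an added example, not code from the article or from CloudSEK; the function names, the tolerance for spaces, dashes and a trailing "#", and the sample numbers are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Prefixes quoted in the article: "**67*<10 digit number>" and "*405*<10 digit number>".
FORWARD_PREFIXES = ("**67*", "*405*")

# Candidate service code inside free text: stars/hashes, a short code, a separator,
# then digits that may be broken up by single spaces or dashes.
CANDIDATE = re.compile(r"[*#]+\d+[*#](?:[\s\-]?\d)+#?")

class Finding(NamedTuple):
    prefix: str  # call-forwarding prefix that matched
    target: str  # 10-digit number that calls would be forwarded to

def check_dial_string(raw: str) -> Optional[Finding]:
    """Return a Finding if raw is a call-forwarding request in the article's format."""
    s = re.sub(r"[\s\-]", "", raw)  # codes are often dictated with pauses or dashes
    s = s.rstrip("#")               # assumption: a trailing '#' may or may not be given
    for prefix in FORWARD_PREFIXES:
        if s.startswith(prefix):
            target = s[len(prefix):]
            if re.fullmatch(r"\d{10}", target):
                return Finding(prefix, target)
    return None

def scan_text(text: str) -> list[Finding]:
    """Find call-forwarding requests embedded in a message or call transcript."""
    hits = []
    for match in CANDIDATE.finditer(text):
        finding = check_dial_string(match.group())
        if finding:
            hits.append(finding)
    return hits

# Constructed sample messages; the phone numbers are placeholders.
SAMPLES = [
    "Sir, to restore your connection please dial **67*9000000001 right now",
    "Dial *405* 90000-00002# and wait two minutes",
    "Check your balance with *123# any time",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for f in scan_text(msg):
            print(f"WARNING: forwards calls to {f.target} (prefix {f.prefix}): {msg!r}")
```

A hit means the string would hand incoming calls, including a voice OTP call, to the listed target number, which is the step the scam depends on.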