Another online attack targeting WhatsApp users has been revealed in which the hackers capitalise on voicemail to manipulate account access on a different device.
According to a British Tech Website, the Cyber Criminals target victims at a time when the devices are either switched off, on silent mode or when they are inactive.
The hacker first installs Whatsapp to their own devices and attempts to log in to other users accounts using their own device.
Normally, this process often demands the user to input a 6-digit code sent to them as an SMS or a phone call. In this case, the hacker opts for it to be sent as a call with an automated message.
When the victim does not pick up, the message, which is read out loud, automatically goes into voicemail.
Since voicemail is generally ignored hence no password change, most networks often allow for customers to access a predefined number, like in Kenya 123, and then use a system generated password that is usually 0000 or 1234.
The hackers then take advantage of the flaw and access the voicemail to listen to the Whatsapp code message which they use to verify the victim’s Whatsapp account on their phone.
Other hackers can even change the accounts setting using a two-factor authentication which would require victims to re-verify their accounts using a unique pin. This makes it difficult for the victims to regain control.
This comes hours after another warning over cloning accounts message circulating on Facebook over likelihood by criminals to gain access to one’s accounts.
A day before, there was also a warning over faulty windows 10 update capable of deleting large files of data from ones computer. Users have reported losing more than half their data.
