Beware of WhatsApp phishing with a spoofed phone number
Cyber criminals are targeting German-speaking WhatsApp users and trying to hijack their accounts with a perfidious trick and a chatbot.
(Image: created with AI in Bing Designer by heise online / dmk)
Cyber criminals are targeting German-speaking WhatsApp users with a fake sender number. The perpetrators are apparently sending phishing text messages from the same number that WhatsApp uses to send its confirmation codes, as reported by a user on Reddit.
(Image: EmPiFree on Reddit)
The result: the smartphone displays the phishing messages in the same thread as the official WhatsApp number, alongside genuine SMS messages from the provider that arrived in the past. "WhatsApp" appears as the sender.
If you fall for the scam and open the link provided, you end up on a supposed WhatsApp page with an extremely chatty chatbot from "online customer service". This interactively guides the visitor through a "security check", for which you first have to enter your phone number.
Bogus bot
The bot then explains in perfect German that you should go to the WhatsApp settings to add a new device under "Linked devices". There you should tap "Link device via phone number instead" and enter a six-digit "security code" provided by the chatbot. If you follow the instructions, the fraudsters have full access to your WhatsApp account and can both read and send messages.
The mechanism being abused actually exists to link the browser on a computer with WhatsApp so that the messaging app can be conveniently controlled from there. Instead of the verification code, which is displayed on the computer and entered on the smartphone, it is also possible to scan a QR code from the computer screen to link the app.
Remove linked devices
However, third parties can also use this practical function to gain permanent access to someone else's account, either by gaining temporary access to the unlocked smartphone or, as in the current example, via social engineering. This is not only of interest to cyber criminals; it can also become a problem during or after a relationship.
If you want to be on the safe side, you can check which devices currently have access to your WhatsApp account in the WhatsApp menu (top right button with three dots) under "Linked devices". Here you should remove all devices on which you no longer actively use WhatsApp yourself.
Beware of social engineering
Basically, you should always be careful with messages (SMS, WhatsApp, social media, emails, etc.) that contain a link or attachment and urge you to take any action. The sender is not a reliable feature for recognizing a phishing attempt, as the current case shows.
In this specific example, the text of the phishing text message would have been more conspicuous, but you can no longer rely on this either. The fraudulent chatbot proves that the criminals are capable of mastering German grammar. With the help of AI language models, this is no longer a hurdle and the next text message may already be much more professional.
The only reliable indication of authenticity is the specified domain of the phishing website, which differs slightly from the legitimate WhatsApp domain (whatsapp.com). As a general rule, if you are asked out of the blue to carry out security checks or similar, this is phishing in most cases.
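The domain check described above can be automated for links extracted from suspicious messages. The following is an added example, not code from heise or from WhatsApp, and the sample URLs in it are constructed for illustration (none of the ".example" hosts are real sites). It treats only whatsapp.com and its subdomains as legitimate, flags hosts that merely contain the brand name or use non-ASCII letters as lookalikes, and shows why the host must be taken from a proper URL parser: a "whatsapp.com@..." prefix is user information, not the host.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Legitimate domain named in the article; every other registrable domain is suspect.
LEGITIMATE_DOMAIN = "whatsapp.com"
BRAND = "whatsapp"


def extract_host(url: str) -> Optional[str]:
    """Return the lowercased host of an http(s) URL, or None if it cannot be parsed.

    urlsplit().hostname discards any port and userinfo, so the constructed URL
    "https://whatsapp.com@evil.example/" yields "evil.example", not "whatsapp.com".
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


def classify_link(url: str) -> Tuple[str, Optional[str]]:
    """Classify a link as 'legitimate', 'lookalike', 'unrelated' or 'unparseable'.

    Returns the verdict together with the host the verdict was based on.
    """
    host = extract_host(url)
    if host is None:
        return ("unparseable", None)
    # Only the registrable domain counts: the host must be whatsapp.com itself
    # or end in ".whatsapp.com" (e.g. web.whatsapp.com).
    if host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN):
        return ("legitimate", host)
    # Non-ASCII labels (a Cyrillic letter swapped in for a Latin one, for instance)
    # are not the legitimate domain and are flagged as lookalikes.
    if not host.isascii():
        return ("lookalike", host)
    # Brand name anywhere inside a foreign host, which also catches
    # "whatsapp.com.evil.example" (brand used as a subdomain) and "whats-app".
    if BRAND in host.replace("-", "").replace(".", ""):
        return ("lookalike", host)
    return ("unrelated", host)


# Constructed sample links for demonstration; no real phishing URLs are used.
CONSTRUCTED_SAMPLES = [
    "https://web.whatsapp.com/",
    "https://whatsapp.com.verify-account.example/",
    "https://whatsapp.com@evil.example/check",
    "https://whats-app-security.example/",
    "not a url",
]

if __name__ == "__main__":
    for sample in CONSTRUCTED_SAMPLES:
        verdict, host = classify_link(sample)
        print(f"{verdict:12} host={host!r:40} {sample}")
```

The check deliberately compares the full host against the registrable domain rather than looking for "whatsapp.com" anywhere in the URL, because a substring search would accept both the subdomain trick and the userinfo trick shown in the samples.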
(rei)