2021-10-17

Scams involving theft and cloning of WhatsApp accounts have increased in recent years. In 2020 alone, it is estimated that more than 5 million accounts were cloned from the application in Brazil. Criminals are creating ever more elaborate strategies to deceive their victims, but many of the fraud attempts rely on the direct help of the Internet user, even if that user doesn't know it.

And scams like this are older than you think. A report released by the research laboratory of the security company Eset already warned in 2019 that one of the growing ways of hijacking WhatsApp accounts is an attack known as QRLjacking.

The attack takes advantage of social engineering techniques and targets not only WhatsApp, but any other app that uses a QR code (a two-dimensional evolution of the bar code) to register and use an account on a computer.

In the case of WhatsApp, the QR code is generated when the person opens the app in a web browser or in the desktop version, the popular WhatsApp Web. When this code is scanned with the phone, the user gains access to their account on the computer.

It is through this function that criminals attack, according to Eset researchers: scammers convince victims (by phone, email or text message) to scan a misleading QR code which, instead of leading to an official WhatsApp page, displays a fake page that tries to hijack the user's WhatsApp session.

The research laboratory notes that a QR code is simply an image that, once interpreted, can contain a URL or any other information the device is able to understand.

Newer WhatsApp versions require biometric or PIN unlock to validate a new session on another device. But older versions, which the user has not updated, use this code to grant access without any further validation. Knowing this particularity, cybercriminals developed tools capable of capturing and storing the image of the QR code generated by WhatsApp and creating a new code, of the same type, to show to the victim.

Once the hijack is done, the user's session is stored on the attacker's computer and can be used in any way the attacker wants. Notably, the "hijacking" of the account happens without the app on the victim's phone necessarily being interrupted, so the victim may not notice anything.

Eset warns that any app that uses a QR code for login could suffer similar attacks.

How to protect yourself

The company suggests some actions that serve as tips to avoid account hijacking of this kind:

Use public or unknown Wi-Fi networks as little as possible, as attacks like this usually happen when the cybercriminal is on the same network as the victim. If you do need to use such a network, avoid accessing information that is not strictly necessary at the time.

Know the apps you use and be suspicious if an ad asks you to scan a QR code in exchange for some benefit or as part of a process other than validation. In the case of WhatsApp, the code is used exclusively to allow the application to be used on a computer.

Don't fool yourself: even on networks considered secure, staying alert is always a best practice, and it at least helps prevent different types of security incidents.

Watch out for the app's response to your action: if you scan a code and nothing happens in response, stay alert. If in doubt, go to the WhatsApp main screen, select the "WhatsApp Web" option and end all active sessions. This immediately cuts off any criminal's access to the account.

Keep security software enabled and up to date on your devices: always have these mechanisms set to block threats, both on your smartphone and on your computer.

*With information from Janaina Garcia’s article