The attack begins with a seemingly innocent message from a friend’s number: “Hi, I accidentally found your photo!” followed by a shortened link. The shortener hides the real destination, which is a counterfeit Facebook login page built to look identical to the real one. When a user enters their credentials on this page, the attacker captures them. The stolen credentials are the foothold for the next stage, in which the attacker abuses WhatsApp’s device linking feature to attach a device they control to the victim’s WhatsApp account.
Device linking is approved from the victim’s registered phone: WhatsApp either shows a QR code on the new device that the phone must scan, or shows a short code on the new device that must be typed into the phone’s Linked Devices screen, and a separate six-digit SMS code is used only when the phone number is registered on a new phone. Holding the victim’s Facebook session does not by itself let anyone intercept any of these codes; the approval still happens on the victim’s phone, which is why the scam depends on the victim being talked through that step as part of the same pretext. Once the attacker’s device is linked, it has the same view as any companion device: all of the victim’s chats, shared media, contacts and group memberships, and the ability to send messages as the victim. That combination of reading private information and impersonating the account holder is what makes the access so dangerous.
With the account hijacked, the criminals message everyone in the victim’s contact list as the victim, distributing the same lure and harvesting credentials from the next ring of victims in a chain reaction. They can also read and exfiltrate sensitive conversations and media files, sit in private groups and follow confidential discussions, push phishing links or malware downloads under the name of a trusted contact, and blackmail the victim by threatening to release private media or conversations.
Many users are unaware that device linking can be hijacked through social engineering and credential theft. The feature was designed for convenience, letting one account be used on a phone and a desktop at the same time, but criminals have repurposed it into a tool for large-scale account takeover. The defences are the same ones that apply to any phishing-led takeover: treat unexpected links with suspicion, verify through another channel, keep credentials off unverified pages, and keep an eye on which devices are attached to the account.
The most effective protection is to be proactive. Confirm with the sender of a suspicious message through a different channel, such as a direct phone call, before opening any link; a shortened link in particular should be treated as unverifiable until it has been expanded. Check the URL of any login page before typing into it: the page must be served over HTTPS, and the registered domain must be the service’s own, not a lookalike with swapped characters, the brand name used as a subdomain of some other domain, or the brand name placed before an @ sign. Enable WhatsApp’s two-step verification, which adds a PIN that must be entered whenever the phone number is registered on a new phone; note that this PIN is not asked for when a companion device is linked, so it blocks registration-based takeover rather than the linking step itself. For linked devices the control is the Linked Devices list in WhatsApp’s settings: review it regularly and log out any device you do not recognise.
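The URL checks described above, as an added example that is not part of the original article: a small Python script that pulls links out of a message such as the one that opens this scam and classifies each one. It assumes a constructed allowlist of the two legitimate domains the scam imitates, a constructed list of common link shorteners, and a simplified registrable-domain split that ignores multi-part public suffixes such as co.uk; the sample message and URLs are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of the services this scam imitates (assumption: a real deployment
# would carry the organisation's own list of trusted domains).
LEGIT_DOMAINS = {"facebook.com", "whatsapp.com"}

# Constructed list of common shorteners. A shortened link hides its destination, so it is
# reported as "unverifiable" rather than "ok".
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "cutt.ly", "is.gd"}

# Digits and symbols commonly swapped for letters in lookalike domains (faceb00k, whatsapp vs whats4pp).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "|": "l"})

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    """'login.facebook.com' -> 'facebook.com'. Simplification (assumption): takes the last two
    labels and ignores multi-part public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats such as facebok.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain, legit):
    """True if domain mimics legit by homoglyph substitution or by a single edit."""
    if domain.translate(HOMOGLYPHS) == legit:
        return True
    return edit_distance(domain, legit) == 1


def classify_url(url):
    """Return (verdict, reasons); verdict is 'ok', 'unverifiable' or 'suspicious'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    if parts.username is not None:
        # 'https://facebook.com@evil.example/' : the text before '@' is userinfo, not the host
        reasons.append("userinfo before host (real host is %s)" % host)
    dom = registrable_domain(host)
    if dom in SHORTENERS:
        return "unverifiable", ["shortened link hides destination"]
    if dom in LEGIT_DOMAINS:
        return ("ok" if not reasons else "suspicious"), reasons
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        if lookalike(dom, legit):
            reasons.append("lookalike of " + legit)
        elif brand in host:
            # 'facebook.com.verify-login.example' : brand appears only as a subdomain label
            reasons.append("brand name '%s' used outside %s" % (brand, legit))
    if not reasons:
        reasons.append("unknown domain " + dom)
    return "suspicious", reasons


def flag_message(text):
    """Extract every URL in a message and classify it: list of (url, verdict, reasons)."""
    return [(u, *classify_url(u)) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed sample: the lure from the article with a shortened link attached.
    lure = "Hi, I accidentally found your photo! https://bit.ly/3abc"
    for url, verdict, reasons in flag_message(lure):
        print(url, verdict, reasons)
    for u in ("https://www.facebook.com/login",
              "http://facebook.com.verify-login.example/photo",
              "https://faceb00k.com/login",
              "https://facebook.com@evil.example/"):
        print(u, *classify_url(u))
```

The script deliberately refuses to call a shortened link safe: the only honest answer for a link whose destination is hidden is that it cannot be verified until expanded, which in practice means not clicking it until the sender has confirmed it through another channel.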