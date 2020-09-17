Last year we prepared a Cellular Detective column about the WhatsApp cloning scam, in which cybercriminals take advantage of a security breach provided by the users themselves to log into the messenger accounts and ask for money for the contacts of the person who had the hacked account.

And eight months later, the dfndr lab, a laboratory specializing in digital security at PSafe showed that the crime is still widely practiced. A survey of the company shows that, in August of this year alone, 377 thousand people would have been victims of this type of coup in the country. This means, in practice, that more than 12,000 people were attacked each day.

The Southeast region concentrated practically one in three WhatsApp clones in the period. São Paulo, the most populous state in the country, was the epicenter of the attacks, with 68,500 cases, followed by Rio de Janeiro, with 41,400 attacks and, in third place, with 28,200 occurrences, is Minas Gerais .

Scammers always take advantage of hot topics in the media, such as the coronavirus itself, to strategize and deceive victims. We have already identified scams in which malicious people try to impersonate researchers from TeleSUS and even the DataFolha Institute, claiming that they are doing research on COVID-19, and requesting a supposed confirmation code sent to the respondent’s cell phone to validate the research. . The code, in fact, is the WhatsApp PIN, a unique security code that should not be disclosed to third parties, and it is in possession of this code that cybercriminals are able to access and hijack the victims’ WhatsApp account. “The most common thing is for scammers to request loans and pay bills, again using social engineering to convince these contacts.” Emilio Simoni, director of the dfndr lab

According to the dfndr lab, the basis of this scam is social engineering, through a convincing technique in which scammers are able to persuade the victim to hand over their PIN code, thus having full access to the WhatsApp account of the attacked person. When hijacking a WhatsApp account, cybercriminals use this access to impersonate the victim and make requests to their contacts, and the damage can be even greater for those who make professional use of the cell phone.

The use of the personal smartphone for personal and professional purposes facilitates access by cybercriminals to confidential company information. Corporate data is very valuable to cybercriminals and the losses caused by their leaks are countless, exceeding financial damage and can affect customer confidence and even the company’s reputation ”. Emilio Simoni, director of the dfndr lab

The company offers, as a tip, the activation of two-factor authentication to increase the security of WhatsApp and never share the PIN code of the messenger with third parties, in addition to the use of mobile security solutions, whether personal or corporate.