A chief prosecutor has drawn citizens' attention to a new method of deception targeting users of the WhatsApp application.
The method is similar to the one in which users were asked to vote for a contestant in a ballet competition, but this time the message appears to come from a courier company, notifying the victim about a package and asking them to access a link.
“The link leads to a fake page, which imitates WhatsApp/courier company pages, where you are asked for your phone number and then the code received via SMS. That code is NOT for the parcel, it is the WhatsApp authentication code.
How to steal the account:
1. Enter the fake link;
2. Enter the phone number;
3. You receive an SMS with a WhatsApp code;
4. Enter the code on the fake website;
5. The attacker logs into your WhatsApp;
6. You lose access to the account”, explained Adrian Radu.
Afterwards, the attackers have access to the phone book and send messages to the contacts, asking, in the name of the person whose account they stole, to borrow various sums of money by bank transfer until the next day.
The messages are of the type: “Hello. Sorry for the question, but do you have 3200 lei on your card? I’ll return it to you tomorrow morning”.
“If you click on the link, your account will be stolen if you don’t have two-step authentication”, the prosecutor warns.
The prosecutor recommends that users of the application activate two-step authentication on WhatsApp (Settings → Account → Two-step verification), not access links from unexpected SMS messages, as couriers never ask for WhatsApp codes, and verify the real sender by accessing the official application and manually typing the courier company’s website address.
What are brushing scams
According to experts, the “brushing” fraud system follows a clearly established pattern.
First, a hacker obtains a list of names and postal addresses, usually from listings on cybercrime forums following data breaches or through people-search sites, though the information can also be collected from publicly available sources.
Afterwards, he creates a fake buyer account on an e-commerce platform or a marketplace where he sells his products, uses the account to “buy” his own product on that platform and ships it to the victim’s address. Finally, the attacker uses the fake account to post a 5-star review, brushing up the product’s reputation and visibility.