The dfndr lab, specialized in digital security at PSafe, carried out a survey on cybersecurity in Brazil for September this year. The state of São Paulo, the most populous in the country, concentrates the largest volume of attacks, with 107 thousand victims. Following, appears the state of Rio de Janeiro, with 60 thousand, and Minas Gerais with 43 thousand.
The result was released last Thursday (15), according to the data, more than 473 thousand Brazilians were victims of the WhatsApp cloning scam. In the last month alone, an average of more than 15,000 people a day have been victims of this type of action. Compared to August this year, the current figure was 25% higher.
”The cloning of WhatsApp is a scam that begins with social engineering, a method of attack in which a malicious person uses psychological manipulation to induce someone to perform specific actions, such as sharing personal information, downloading fake applications or opening links malicious. In the case of cloning, the cybercriminal specifically asks for the personal data, cell phone number and confirmation code that gives the victim access to WhatsApp, ”explains Emilio Simoni, director of the dfndr lab.
With the cell phone number and confirmation code, the cybercriminal can access the victim’s WhatsApp. After accessing the message exchange application, the scammer initiates conversations with the victim’s contacts. The executive of the dfnfdr lab says that, in possession of the personal data of the account owner, they convince friends and family to do favors, aiming at financial gain.
How to protect yourself
To protect yourself from criminals who want to invade WhatsApp, one of the most efficient ways is through two-factor authentication, so it is necessary to enter a personal password in addition to the security code sent by the platform when enabling the profile on another smartphone.
Another important guideline is to never send any security code that is sent without having been requested by the user himself. If you receive a message containing this numeric string, do not share or forward it to third parties.
The company itself provides tips and guidance on how to proceed in the event of having your account stolen and how to ensure security during the exchange of messages.
* With information from the R7 portal