Hackers have found a clever way to hijack WhatsApp accounts using a sneaky call forwarding trick, and the attack takes just minutes to execute.
Cybercriminals can exploit Mobile Operator MMI codes (short sequences starting with * or #) to forward calls to another number. By tricking you into using these codes, attackers can intercept your WhatsApp one-time password (OTP) sent via voice call and take over your account.
How It Works:
- The Call Forwarding Setup: The hacker tricks the victim into dialing an MMI code (like *67*), forwarding their calls to the attacker’s number.
- WhatsApp Hijack: After setting up call forwarding, the attacker begins registering the victim’s WhatsApp account on their device. When WhatsApp sends the OTP through a voice call, the code gets forwarded to the attacker’s phone. With the OTP, they gain full control of the account.
Social Engineering at Its Core
This hack relies heavily on social engineering. The attacker needs to trick the victim into entering the correct MMI code, which activates call forwarding. Skilled hackers may create a scenario that makes the victim think they need to dial the code, such as pretending to be tech support or a mobile provider.
SS7 Exploit – The Bigger Threat
While MMI-based hacks are relatively simple, a more sophisticated threat lurks in the form of SS7 (Signaling System 7) attacks. SS7 is the backbone of global telecom infrastructure, but it’s notoriously insecure. Hackers can exploit SS7 to intercept calls and SMS messages, including the OTPs used for two-factor authentication (2FA). Once they have the OTP, they can access everything from WhatsApp to banking accounts.
How to Stay Safe:
- Avoid Unfamiliar Codes: Never dial unknown MMI codes, even if someone claiming to be from your mobile operator asks you to.
- Enable Two-Step Verification: Add an extra layer of security to your WhatsApp by enabling two-step verification. This requires a PIN in addition to the OTP when registering your account on a new device.
- Watch for Signs of Call Forwarding: If your mobile provider displays a warning or your calls suddenly stop coming through, investigate immediately.
- Beware of Social Engineering: Always be skeptical of unsolicited calls or messages, even from contacts that seem legitimate.
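One way to check a code before dialing it, as an added example that is not part of the original article: a small parser that flags dial strings which would switch on call forwarding. It assumes the standard GSM service codes from 3GPP TS 22.030 (operators may use other codes that it does not cover); the function name and the phone number are constructed for illustration.

```python
import re

# Call-forwarding service codes defined in 3GPP TS 22.030.
FORWARDING = {"21": "all calls", "67": "when busy", "61": "when unanswered",
              "62": "when unreachable", "002": "all forwarding",
              "004": "all conditional forwarding"}

# MMI prefix -> operation on the supplementary service.
OPERATIONS = {"**": "register", "*#": "interrogate", "##": "erase",
              "*": "activate", "#": "deactivate"}

# prefix, service code, optional *-separated parameters, closing '#'.
MMI_RE = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})((?:\*[^*#]*)*)#$")


def classify_mmi(dialed: str) -> dict:
    """Parse a dial string and flag codes that would redirect incoming calls."""
    cleaned = re.sub(r"[\s\-()]", "", dialed)  # drop spaces, dashes, brackets
    match = MMI_RE.match(cleaned)
    if match is None:
        return {"mmi": False, "risky": False, "operation": None,
                "service": None, "target": None}
    prefix, code, raw_params = match.groups()
    params = raw_params.split("*")[1:]  # first parameter is the forward-to number
    operation = OPERATIONS[prefix]
    service = FORWARDING.get(code)
    return {
        "mmi": True,
        # Turning forwarding on (or registering a new target) is the risky case;
        # interrogating, deactivating or erasing it is not.
        "risky": service is not None and operation in ("activate", "register"),
        "operation": operation,
        "service": service,
        "target": params[0] if params and params[0] else None,
    }


if __name__ == "__main__":
    # Constructed samples; the phone number is fictional.
    for sample in ["*67*+1 555-555-0100#", "**21*+15555550100#",
                   "*#21#", "##002#", "+15555550100"]:
        print(sample, "->", classify_mmi(sample))
```

Of the samples, `*#21#` only queries whether unconditional forwarding is set and `##002#` clears all forwarding, so neither is flagged.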
Conclusion
Hackers will continue finding creative ways to exploit mobile communication flaws, but by staying vigilant and using proper security measures like two-step verification and awareness of suspicious codes, you can safeguard your WhatsApp account from takeover attempts.
If you think you’ve been targeted or suspect a WhatsApp hijack, act fast—log in to your account and revert any unauthorized changes. Stay informed, stay secure!
Vladimir Rene /CyberSecurity Expert