Eurasian Bank draws customers’ attention to a new scheme of cyber fraud, in which attackers gain access to WhatsApp accounts without hacking, swapping SIM cards and other obvious signs of an attack.

Scammers use the messenger function of connecting to additional devices. A message disguised as an official notification is sent to the user with a request to confirm access to the account. The link leads to a fake page that visually completely repeats the interface of the official service.

After entering the phone number and confirmation code, the attacker imperceptibly links his device to the user’s account. At that, the phone continues to work normally, and the account owner does not receive notifications about unauthorized access. The fraudster gets the opportunity to read correspondence, view media files, see contacts and send messages on behalf of the user.

The only way to detect a compromise is to check the Connected Devices section in the WhatsApp settings yourself. Any unknown connection indicates unauthorized access and should be removed immediately.

Eurasian Bank reminds the basic rules of digital security:

• treat any suspicious messages and notifications with caution;
• never enter WhatsApp confirmation codes on third-party websites;
• enable two-factor authentication;
• check the list of related devices regularly;
• use security software on mobile devices.