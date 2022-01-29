MEXICO CITY.

yesWhile it is true that during the last year the theft and identity theft of information on bank accounts and fraud, as well as the distribution of malicious codes through messaging applications such as WhatsApp, increased between 120 and 146% in Mexico, social engineering is the master key for cyber criminals.

Miguel Hernández, Cyber ​​Security Manager at Check Point Software; Erick Armas, Deputy Vice President and Security Director of AT&T Mexico; as well as Kaspersky experts.

From this latest cybersecurity company, experts say that WhatsApp account theft attacks are spreading and continue to carry out scams using tactics such as ad verification, invitation to a party or VIP event, and account cloning. by stealing the photo of the victims.

Armas specified that, in the same way, SIM card systems do not allow cloning, although there are applications or malicious codes that allow the well-known SIM swapping, for which it is necessary that, on the one hand, a person obtains the chip , make a copy and give it to someone else, or the user clicks on some fake application or portal through which an intruder penetrates and not only hijacks the information, but has control of the entire device.

TAKE CARE OF YOUR IMEI

Miguel Hernández commented that one possibility is that a person obtains the IMEI of a certain mobile device in order to access the heart, which is the chip.

However, he assured that in the case of this cybersecurity company, they have not yet identified cases in which there is collusion between cybercriminal gangs and mobile service providers.

Both Armas and Hernández agreed on the need to use two-step or two-way validation systems in apps, given that the user can know the point to which they want to connect, but the connection point does not know the origin.

MOCK THE TWO STEPS

Kaspersky analysts have just discovered a scheme that, through the use of social engineering and a request to the application’s support area, circumvents the two-step protection.

The fraud begins with a call to the victim, where the criminals pose as representatives of a health institution and ask to take a survey on covid-19. At the end of the questions, the fraudster asks the victim to share the code that will be sent to her cell phone to record her participation in the survey.

The entire staging has a clear objective: to make the victim share the six-number code that is sent via SMS, which, in reality, is the code that the app sends in order to activate the application on a new phone. If the victim does not pay attention to the message and hands over the code, her account could be stolen. If there are two steps, the scammer calls the victim again, but this time pretends to be the app’s support team and tricks them.

