In recent years, scams have become more and more frequent, especially those involving the theft and cloning of WhatsApp accounts. In 2020 alone, the projection is that more than 5 million accounts of the application have been cloned in Brazil.

That's because criminals keep creating new strategies and tricks to deceive their victims. They have even devised a way to rely on the direct help of the user, without the user knowing it. The attack takes advantage of social engineering techniques to target not only WhatsApp, but other apps that use a QR code for registration and use on a computer.


In the case of WhatsApp, the QR code is generated when the person opens the application on the web or desktop. When the code is scanned, the user can access their account on the computer.

WhatsApp on iPhone (Image: André Fogaça/Olhar Digital)

According to ESET researchers, it is through this function that criminals attack. Scammers convince victims (by phone, email or text message) to scan a fake QR code which, instead of presenting an official WhatsApp page, displays a misleading page that tries to hijack the WhatsApp session.

Although the latest WhatsApp versions have biometric or PIN unlocking to validate a new session on another device, older versions use this code to grant access without any other type of additional validation.

Thus, cybercriminals have developed tools capable of capturing and storing the QR code image generated by WhatsApp to create a new code. After the intrusion, the user's session is stored on the hacker's computer.

An important detail is that the “hijacking” of the account happens without interrupting the use of the application on the victim's cell phone.

See how to protect yourself

A few precautions can prevent problems and keep the worst from happening. See how to protect yourself with some tips, according to the company:

  • Use public or unknown Wi-Fi internet networks as little as possible, as attacks – in general – happen when the cybercriminal is on the same network as the victims;
  • Be suspicious if any ad asks you to scan the QR code in exchange for some benefit or as part of a process beyond app validation;
  • If you scan a code and nothing happens in response, be suspicious. In that case, go to the main screen of WhatsApp, select the option “WhatsApp Web” and then close all sessions to cut off the criminals' access to the account immediately;
  • Don't forget to keep your security program activated and updated. These mechanisms block threats.

Source: UOL
