Security News > 2022 > May > Hackers steal WhatsApp accounts using call forwarding trick
Sasi says that an attacker first needs to convince the victim to make a call to a number that starts with a Man Machine Interface code that the mobile carrier set up to enable call forwarding.
"First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account" - Rahul Sasi.
Once they tricked the victim into forwarding calls to their number, the attacker starts the the WhatsApp registration process on their device, choosing the option to receive the OTP via voice call.
Users may miss this warning if the attacker also turns to social engineering and engages the target in a phone call just long enough to receive the WhatsApp OTP code over voice.
If call forwarding has already been activated on the victim device, the attacker must use a different phone number than the one used for the redirection - a small inconvenience that might require more social engineering.
The most clear clue of suspicious activity for the target user occurs after the mobile operators turn on call forwarding for their device, since activation comes with a warning overlayed on the screen that doesn't go away until the user confirms it.