MADRID, 25 Nov. (Portaltic/EP) –
cybercriminals have stolen and put up for sale through a hacking forum almost 11 million mobile phones with a WhatsApp account in Spain with the aim of implementing, among other things, hacking attacks ‘smishing’ Y vishing.
The ‘smishing’ is a type of cyberthreat that consists of sending an SMS by a malicious actor “pretending to be a legitimate entity and with the aim of stealing private information or make a financial charge”, as defined by the National Institute of Cybersecurity (INCIBE).
The vishingfor its part, is another type of social engineering scam via telephone with which these cybercriminals impersonate the identity of an organization or a natural person by making a call to obtain personal information.
The instant messaging platform WhatsApp would have been the target of these cybercriminals, according to a recent publication by CyberNews, which reports that one of these malicious actors has allegedly put up-to-date mobile phone numbers for sale. almost 500 million users all over the world.
Specifically, this malicious actor published an advertisement on November 16 in a hacking community forum BreachForums with which he said to put up for sale a 2022 database with 487 million mobile phone numbers of users of this Meta service.
These lists would contain millions of contacts registered in 84 countries, such as the Czech Republic, Ghana, Lithuania, Ecuador, Hungary, Guatemala, Tunisia, Serbia, Cyprus, Turkey, Bulgaria, Puerto Rico, Canada and Spain.
According to the list of numbers affected by this attack provided by CyberNews, in the latter country the cyberfraudsters would have stolen a total of 10,894,206 WhatsApp phone numberswhich would place it in 15th position among the nations most affected by these attacks.
In first position is Egypt, with 44,832,547 stolen accounts, followed by Italy (35,677,323), the United States (32,315,282), Saudi Arabia (28,804,686), France (19,848,559) and Turkey (19,638,821).
On the contrary, the least affected countries for this theft would be Indonesia (130,331), Puerto Rico (130,586), Cyprus (152,231), Serbia (162,898), Luxembourg (188,201) and Brunei (213,795).
The main objective of cybercriminals interested in buying these phone numbers is to perpetrate ‘smishing’ and ‘vishing’ attacks, as well as to impersonate other users and commit fraud.
From this medium they also state that, after issuing a request to the seller of this data, they were able to view a sample with 1,097 user numbers from the United Kingdom and 817 from the United States.
CyberNews claims to have contacted the seller of the database, who has told him that he sells those from the United States for $7,000, those from the United Kingdom for $2,500, and those from Germany for $2,000, for example.
After being asked about the origin of this database, the seller did not want to give details about how he collected the numbers, although he could have done so through the so-called scraping technique and violation of WhatsApp Terms of Service.
From WhatsApp, for their part, they consider that the information about the leak of telephone numbers it has no foundation, since they understand that it is not clear where they have been obtained, and that since WhatsApp has more than 2,000 million users around the world, it is very likely that in any list of telephone numbers that appear on the Internet there are users of this messaging service.