WhatsApp is de facto the most popular social media service in the world with more than 2 billion monthly active users, beating Facebook with 1.3 billion users and competitors like WeChat with 1.2 billion users.
In order to maintain the privacy of its users, WhatsApp applies a unique end-to-end encryption for each conversation where only the WhatsApp user's device has the key to unlock the encrypted conversation. Traffic between WhatsApp users can be intercepted easily, but because it was encrypted with this special key, the intercepted results cannot be read.
For ordinary people, it would be very difficult if not impossible to crack WhatsApp encryption and required an application like Pegasus which costs around USD 500,000 and is allegedly only used by intelligence and government agencies.
So if someone says they can hack WhatsApp, Signal or Instagram that has been encrypted, you need to immediately suspect and don't believe it. Technically just tapping can (if you are on the same Wifi network as the victim or you work at the ISP used by the victim).
However, it is impossible to read the results of the intercepts because the intercepts are encrypted and the decryption key is only stored on the WhatsApp user's device application and even the WhatsApp server does not have the key to open the encryption.
However, many people still want to eavesdrop on the contents of other people's WhatsApp conversations, whether it's their business competitors, exes, partners who are sometimes close on WhatsApp but far away from their hearts or for other reasons.
This desire is well exploited by fraudsters to gain financial benefits from people who want to intercept WhatsApp communications by claiming to be able to tap WhatsApp. Like a modern-day witch doctor, instead of successfully eavesdropping on WhatsApp conversations from the targeted victim, he has instead become a victim of fraud with various social engineering.
In the end, it was not the result of the wiretapping that was obtained but an act of extortion where if the victim did not pay the amount of money claimed for the wiretapping, then this tapping action would be reported to the owner of the number to be tapped.
Vaccinescom got its hands on action from one of the scammers who sought out their victims via Twitter and took advantage of the victim's naivety for financial gain:
Figure 1, Fraudsters placing ads on Twitter providing WA and IG hacking services
Fraudsters advertise themselves as powerful and capable of tapping WA, FB, IG and Twitter with super and trusted abilities such as:
- Without touching the target's HP
- Unbeknownst to the target
- Privacy is safe and reliable
If the victim is provoked and calls the number advertised, all kinds of nonsense will be released as long as the victim believes it (see pictures 2 and 3).
Wiretapping WhatsApp Photos: Vaccinescom
Figure 2, Fraudsters claim to be able to read messages and calls without being noticed by the target.
Figure 3, Just $500 all messages and calls will be intercepted, so the fraudster claims
In carrying out their actions, the fraudsters capitalize on large skills, talents and several bank accounts to accommodate the payments of their victims. The bank accounts used in the action reported to Vaccines are Gopay at CIMB and BCA Digital accounts.
Figure 4, BCA Digital Account used by fraudsters
Although the Twitter account of the fraudulent @jasasadapchat has been reported and blocked by Twitter, the accounts in the name of Listrian Despriana BCA Digital (picture 4) and CIMB under the name of Gopay Rizki Ramadhan (picture 5) used by this fraudster, according to Vaccination's monitoring until this article was written, are still active. and not closed yet.
Figure 5, Gopay Rizki Ramadhan's account used by fraudsters to collect extortion money
The victims of this scam are quite a lot with losses estimated at hundreds of millions of rupiah, as can be seen from the many Twitter posts that inform the fraudulent actions that led to this extortion.
Figure 6, Fraudsters who after successfully carrying out their actions then block the accounts of their angry victims
The technique used is actually simple, using the generality of the victim, fraudsters use IT terms such as Two Factor Authentication, Fingerprint Scan and several captures that look as if the wiretapping process has been successful and is running in plain sight.
Figure 7, Fake display as if it had successfully tapped a Whatsapp account.
In carrying out the action, the victims are systematically lured with the appearance of success, but there is always a final step that requires additional funds and every time additional funds are sent, other problems will arise that require additional funds.
This will be done repeatedly and unknowingly the victim will be even more desperate to get the results of this wiretapping and send back the requested funds.
Until a point where the money sent is already so large but the wiretapping results have not been given and the victim is angry and does not want to send the requested money again.
So this fraudulent act turned into an act of extortion and terror, where if they did not send the requested money, the owner of the number who wanted to be tapped would be notified that the victim wanted to tap the number.
Wiretapping WhatsApp Photos: Vaccinescom
Figure 8, This fraudulent action will end in extortion when the victim is no longer willing to pay the money demanded by the fraudster
Figure 9, Claiming to be able to tap and then extort.
Be careful, do not easily believe all kinds of claims in cyberspace. Tapping WhatsApp may still be technically possible, but reading encrypted WhatsApp messages is very difficult and somewhat impossible if for only a few million dollars you can intercept and read other people's WhatsApp messages.
Do not let you want to tap, it ends up being blackmailed.
