If you have any questions about information security (antivirus, intrusions, cybercrime, data theft etc.), please email firstname.lastname@example.org. The column answers questions left by readers on Thursdays.
SMS messaging comes with six-digit code that activates WhatsApp and alerts users not to share it. – Photo: Reproduction
Hello, I received two messages and a call now informing you of six-digit WhatsApp code and asking me to click the link to verify my number. The link is: v.whatsapp.com/ … and the six numbers entered. However, I did not request any number, did nothing. What should I do? Thanks. – Larissa Gatti
This message you received results from a WhatsApp activation request. Anyone can initiate a WhatsApp activation: just install the app on any mobile device and enter your phone number during app activation.
In a few seconds, you'll get this message, telling you the link and six-digit code to activate the phone – even if the request came from a phone too far away from yours.
Since you did not request WhatsApp activation, this message has no effect on you and should be ignored. You can't stop other people from trying to activate your number, so receiving that message by itself doesn't mean you are at risk.
But the code you received should not be passed on to anyone.
You can delete the message, but the code does not have a very long validity.
Criminals perform scams by deceiving victims into obtaining these six-digit codes and activating their WhatsApp account on another device they control.
If you fall for this scam and provide your activation number – which can happen via SMS or phone – your access to WhatsApp will be blocked and criminals will try to scam your contacts, often borrowing money.
You can prevent these scams by setting up 2-step verification in WhatsApp:
- To do this, access the three-point menu in the upper corner of the application;
- then tap Account and then "2-Step Verification";
- You will need to set up a PIN (numeric password) and an email address for account recovery if you forget your password.
WhatsApp 2-Step Verification helps prevent attacks that attempt to steal your app account. – Photo: Reproduction
How to report crashes: iFood
I read the article about Google's rewards for failed apps and paid rewards. Not sure how and who to contact, but discover a flaw in the iFood, delivery app. – Denis
The Android App Failure Rewards program, announced by Google in August, only covers apps that have passed the 100 million install mark on Google Play.
Many popular applications have not passed this mark and are therefore not part of the Google program. Nor are many on the hackerOne platform, which brings together rewards programs from hundreds of companies.
This is the case with iFood: the app has no 100 million downloads and is not on hackerOne.
Wanted by the Blog, iFood said it has a direct channel for application users to report potential instabilities via email email@example.com. The company also clarifies that currently has no financial reward program aimed at security breaches.
Generally speaking, if the app is not on hackerOne, you can try other channels of contact with app owners.
In any case, expect no reward. While some companies may be grateful, demanding a reward for reporting a security issue is considered an ethics flaw and even extortion, depending on the case.
Digital security questions? Send an email to firstname.lastname@example.org.
Stamp Altieres Rohr – Photo: Illustration: G1