Hack WhatsApp by call forwarding trick

How Does It Work?

It has been discovered that Whatsapp accounts can been breached by hackers using call forwarding.

Malicious threat actors can now gain control of your WhatsApp account using a hacking technique called call forwarding. This method is not necessarily the easiest as it requires quick responsiveness and social skills on the part of the threat actors.

However, to the skilled and experienced hackers, this could also mean taking control of a user’s account within just a few minutes.

There is a loophole that allows malicious actors to take control of the user’s account of an unsuspecting victim and read their private messages as well as their contact list.

WhatsApp’s Call Forwarding-How Does It Work?

WhatsApp, Meta’s instant messaging app, has a loophole that allows malicious actors to take control of any user’s account.

Call forwarding, the technique that can be used, makes use of an automatic feature provided by mobile carriers that redirects incoming calls to a different phone number, as well as an option provided by WhatsApp to transmit a verification code for a one-time password (OTP) through a voice call.

The founder and CEO of cybersecurity company cloudSEK, Rahul Sasi also confirmed that call forwarding provides success when it comes to breaching someone’s account in the messaging app. Sasi released some specifics regarding the method, indicating that it is used to hack WhatsApp accounts.

He added that the malicious actor must first persuade the victim to place a call to a number that begins with a Man Machine Interface (MMI) code that was set up by the cell carrier to facilitate call forwarding.

According to Bleeping Computer, Rahul Sasi stated, “First, you receive a call from the attacker, who will convince you to make a call to the following numbers: **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account.”

The first character of these codes is either a star (*) or a hash (#). They are not difficult to locate, and according to the testing that was tried out, the majority of the main mobile network operators support them.

On some cell carriers, a particular MMI code can either redirect all calls to a terminal to a different number or redirect the calls that come in when the line is busy or there is no reception.

If hackers are successful in convincing the victim to forward calls to their number, the malicious actor will begin the WhatsApp registration procedure on their own device, selecting the option that allows them to receive the one-time password (OTP) by voice call.

After obtaining the OTP, the malicious user can register the victim’s WhatsApp account on their own device and turn on two-factor authentication (2FA), which prohibits the account’s rightful owners from regaining access to it.

How To Prevent Call Hacking

Call forwarding is just one of the numerous ways malicious actors can breach someone’s phone. However, there is also SIM swapping, and phishing emails and text messages as methods of attack.

In addition, nowadays, threat actors now use public Wi-Fi networks. They can create fake Wi-Fi networks to lure users who are in need of an internet connection, and when victims connect through their network, it will lead them to phony sites that will help them launch an attack.

According to MUO, it is highly recommended for users to not connect to any Wi-Fi network to prevent hacking. It is also advised that users turn off hotspots in crowded places.

With the call forwarding strategy, users are advised to not permit any access from an unknown caller. In addition, it is worth remembering that the two-factor authentication can help users add in that extra layer of protection and security. However, in this case, users must use it wisely to their advantage instead of allowing this tool to launch a hack on their devices.

Reference: Go to Homepage ELAIN BROWN

  Posted by: @ESPYER

5 social monitoring tools great for OSINT

5 Social Media Monitoring Tools

In this article we’ll talk about the following social monitoring tools:
Hootsuite, Brand24, Mention, Sprout Social, Synthesio.
For each of these we’ll know the main benefits of using it, as well as reason to chose another tool, based on your needs! Here goes 🙂

Read More »
OSINT Investigating questions

OSINT for Businesses: A Guide to Conducting Due Diligence and Intelligence Investigations

In this article, we’ll explore how businesses can use OSINT techniques to gather information and conduct due diligence and intelligence investigations.

Open-source intelligence (OSINT) is the process of gathering information from publicly available sources to support decision-making and informed action.

For businesses, OSINT can be a valuable tool for conducting due diligence and intelligence investigations, providing a wealth of information on potential partners, competitors, and threats.
However, with the increasing use of artificial intelligence (AI) in online investigations, it’s important to know how to gather information while avoiding detection.

Read More »


A Revolutionary API to Check If Your Personal Information is Compromised.
Are you tired of constantly worrying about your personal information being compromised? Well, let me introduce you to ProfileNINJA, a one-of-a-kind API service listed on the RapidAPI marketplace.

ProfileNINJA takes the hassle out of checking if your personal information has been leaked by searching through databases linked to popular social media platforms like Twitter, Facebook, VK, Instagram, Telegram, and LinkedIn.

Read More »

People Data Lookup API

People Data Lookup API on RapidAPI is a service that allows users to search and retrieve information about individuals using phone number, email address, password, or full name. The API offers accurate and updated information that can be used for various purposes such as fraud detection, verification, and customer engagement. The service is accessible through RapidAPI, a platform that connects developers with over 16,000 APIs.

Read More »


With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches.
All you have to do without running Shodansploiti is to add shodan api.

Read More »