Hackers Gain ‘Full Access’ To Accounts

The attack works like this: You will receive a text of other type of message linking to a Facebook post. The message itself will say something like “I just found this photo of you” or “you’ve been tagged in thus photo.” Anything to trick you into a click.
The link takes you to a fake Facebook page with a verification challenge to access the photo you want to see.

You enter your phone number into the fake Facebook page and you’re told you will be sent a code.

That code is actually a pairing code from WhatsApp. With that in hand, the attackers create a new linked device on your account.
Cybersecurity News says “the attacker now has persistent access to all historical conversations, incoming messages, photos, videos, and sensitive information,” and the “persistent nature of this access makes the attack particularly dangerous.”
It’s easy to prevent this attack.

Do not share or enter codes in this way ever. Just as critically, open WhatsApp and tap through to Settings > Linked Devices regularly. If you see any device you don’t recognize, tap on it and Log Out. If you’re not sure, just log out. You can always relink the device later if you make a mistake.
WhatsApp warns users to ensure two-step verification is enabled and only to link to officially supported services and not to take any risks with connections such as this.

It also tells users not to share details with people you don’t already know. Its three watchwords for users to stay safe are: Pause. Question. Verify.

Other related sources and context: Check here