Our use of messaging applications has soared through isolation and the information overload that has accompanied the coronavirus pandemic. And no platform has seen a greater surge in messaging than market leader WhatsApp—usage is up more than 40% across the world, and in some markets even more than that.
It is now clear that the unprecedented public health emergency we are living through has also seen a surge in cyber crime. Every imaginable scam, from phishing to malware, and from delivery hijacks to counterfeits, has grown exponentially in recent weeks. It’s a trend that shows no signs of abating.
And so it comes as little surprise that an alarming WhatsApp hack that has been going around for a year is now back and experiencing a new surge. The bad news is that this is stupidly simple for a cyber criminal to execute, and it seems people fall for it in their droves. The good news is that the fix is guaranteed and will take you less than two minutes. I set out how that works below—you need to do it now. Recommended For You-
- Microsoft Edge Beats Google Chrome With This Brilliant New Feature
- Google Forms Used In Password-Stealing Spree: What You Need To Know
- Huawei’s New ‘Fight’ With Google To Beat Android Is Suddenly More Threatening
But, first, let’s look at how this hack works. It’s very simple. When you install WhatsApp on a new phone, the platform asks for the phone number of the account, which you enter, and then it sends an SMS one-time code to that number. That proves you have the number in your possession. Once you enter the right code, the phone starts to receive WhatsApp messages for that account.
With this hack, the attacker uses an already hijacked account to contact a victim’s friends. This doesn’t have to be a WhatsApp account—Facebook would do fine. In their message, the attacker tells the victim’s friend they are having issues receiving a six-digit code, and so had it sent to their friend instead—please send it back. That six-digit code is the WhatsApp verification code for the new victim—by sending it to their friend they are really sending it to the attacker.
PROMOTED Jumio BrandVoice | Paid Program Why Digital Onboarding And EKYC Are Key To The Insurance Sector’s Success Teradata BV BrandVoice | Paid Program After Covid, Is The Transport And Logistics Industry An Open Goal For Dominance By Data Giants? Grads of Life BrandVoice | Paid Program Creating A Culture Of Inclusivity: A Spotlight On Atlassian & Genesys Works
Once done, their own WhatsApp is hijacked. It is as simple as that.
The usual intent of the attack is to use a hijacked WhatsApp account to ask for money, to claim an emergency or an account lock-up, and to ask friends to help out. With WhatsApp, there is no risk that backed up messages can be hijacked, but the attacker will see the groups you are in and the new messages you receive. It is a crude attack, but it has proven exceptionally effective. This is social engineering at its best—we are coded to trust and help out our friends.
The most obvious advice is NEVER to send a six-digit SMS to anyone for any reason. There have been other attacks covering other platforms using the same method. When a code is sent to your phone it relates to your phone. But there is a fix here that will protect your WhatsApp, even if the SMS code was sent onward. This fix will ensure you can’t fall victim to this crime.
The code sent by SMS when you set up your WhatsApp account on a new phone comes directly from WhatsApp itself. The platform sets the code and sends it to you. But there is a totally separate setting in your own WhatsApp application that allows you to set your own six-digit PIN number. There is some confusion because these are both six-digit numbers—but they are entirely separate.
Most people have still not set up this PIN number—the “Two-Step Verification” setting can be accessed under the Settings-Account from within the app. It takes less than a minute to set up. The PIN is for you to select, and even has the option of a backup email address. WhatsApp will ask you for the PIN when you change phones and also every so often when you’re using the app, that’s how secure it is.
As WhatsApp explains, “when you have two-step verification enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit PIN that you created using this feature.” In other words, the hack will not work.
I first covered this hack back in January, and was amazed at how many people did not use this basic security feature—I suggested to WhatsApp that it needs to be better advertised and I retain that view. WhatsApp is secure and encrypted, but there is no way for the platform to protect users who don’t secure their own app.
In the meantime, if you have been the victim of this hack, reinstall WhatsApp and ask for a fresh activation code. That will reset the app on your phone. It may take some time to work. I have received reports of users not being able to easily restore a hijacked account, although it is just a matter of time. Once you do restore your account, set up a PIN right away. That way, you will not be caught twice. Follow me on Twitter or LinkedIn.
I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, and analyze breaking security and surveillance stories. Contact me at firstname.lastname@example.org.
How to know if my WhatsApp account has been hacked How To Know If My WhatsApp Is Hacked android iphone ios What To Do If Your Whatsapp Account Gets Hacked How to secure your WhatsApp from getting hacked android iphone ios samsung xiaomi lenovo vivo opposé moto micromax nokia Apple Honor HTC Index LYF ASUS LG LAVA Karbonn Yu Motorola Blackberry XOLO Huawei google Please Subscribe my Channel : https://www.youtube.com/channel/UC2QX… More related Videos https://www.youtube.com/watch?v=AKCb5… How To Read Deleted Whatsapp Messages Without Any Other App 2019 https://www.youtube.com/watch?v=zfVQQ… How to read Whatsapp Deleted Messages 2019 https://www.youtube.com/watch?v=DYAlU…