How to prevent your WhatsApp account from being hacked
The Cyber Security Authority (CSA) says it has noticed increased incidents of individuals falling victim to social engineering and sharing their WhatsApp verification codes with malicious actors, leading to unauthorised access and account takeover.
The CSA has said 187 reports have been recorded as of April 2024, equaling what was recorded for the entire year of 2023.
Advertisement
PUBLIC ALERT
Surge in WhatsApp Account Takeovers
1.0 Background
The Cyber Security Authority (SA) has noticed increased incidents of individuals falling victim to social engineering and sharing their WhatsApp verification codes with malicious actors, leading to unauthorised access and account takeover. One hundred and eighty-seven (187) reports have been recorded as of April 2024, equalling what was recorded for the entire year of 2023.
2.0 Modus Operandi
- Malicious actors disguise themselves as familiar contacts or authoritative figures (typically as administrators of Groups the eventual victim is part of).
- They craft persuasive messages to lure their targets to disclose their verification code. Some of these methods are:
Notifying the victim through text messages about an ongoing upgrade on their group platforms and requesting the victim to share the code that will be sent to them.
Calling the victim to inform them that a security code has been sent to prevent their account from being hacked and requesting the victim to share that code.
Informing the victim that they (the victim) have received a mobile money transfer and that they must reveal the code the perpetrator sent to access the funds.
Sharing URLs in WhatsApp groups and instructing group members to dick on them to update their information by providing the code that will be sent to them.
- Once the code is shared, the victim's account is compromised opening the door to unauthorised access and account takeover.
- The malicous actors then impersonate the victims and defraud their contacts.
In some cases, the malicious actors perpetrate Subscriber Identity Module (SIM) Swap fraud wherein, they impersonate the eventual victim to a mobile network operator and acquire a new SIM card. The victim loses the ability to communicate altogether, while the malicious actors potentially also gain access to one-time passwords (OTP) and mobile wallets.
3.0 Recommendation
- Never Share Verification Codes: Treat your verification code like a password; share it with no one.
- Enable Two-Step Verification: This adds an extra layer of security to your WhatsApp account. To enable it, go to WhatsApp > Settings > Account > Two-step verification › Enable.
This will prompt you to create a six-digit Personal Identification Number (PIN) that will be required periodically and whenever you register your phone number with WhatsApp again. Keep this PIN confidential. - Educate Friends and Family: Share this information with your friends and family, especially those less familiar with online scams. Awareness is crucial in preventing such incidents.
The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities. Call or Text - 292, WhatsApp - 0501603111 or Email - Leport@csa.gov.gh
Issued by the Cyber Security Authority
May 27, 2024
Ref: CSA/CERT/MPA/2024-05/01
Advertisement