Criminals are targeting WhatsApp users, taking over accounts and trying to defraud or hack their friends too.
How the hack works
The criminals abuse the legitimate process of transferring a WhatsApp account from one phone to another. They use an already compromised account to message the account owner’s contacts. The criminals impersonate the owner of the hacked account and usually claim that they are having problems receiving a six-digit code, and asking if they can send it to the friend instead (or that they have sent it to them by accident) they then request the friend tell them the code or forward it on to them. The code is the WhatsApp verification code for the new victim—by sending it to their friend they are really sending it to the criminal who is then able to transfer the new victims WhatsApp account to the criminal’s phone.
What follows next is normally the criminal impersonating the victim and requesting money from their contacts (usually for an emergency but always on the promise of being repaid) or the criminal will use the compromised account in the same manner as before to hack more and more accounts.
No matter the claim, you should never share your WhatsApp SMS verification code with others, not even friends or family. Sharing codes can cause you to lose your account.
If you’re unfortunately tricked into sharing your code and lose access to your WhatsApp account, read the instructions below on how to recover your account.
Please note, WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can’t read your past conversations. But they will be able to read and reply to any new messages you receive and post in any groups you are a member of.
How to protect yourself
- If you receive a suspicious or unexpected message from a friend or “mutual” on WhatsApp (or any social media), contact them via other means to check the message is genuine.
- Never share any codes or pin numbers.
- Set up 2 factor authentication (2FA) It’s quick and easy to set up and adds another layer of security to your account.
WhatsApps website https://faq.whatsapp.com/general/verification/about-two-step-verification gives a guide on how to turn on 2FA – open WhatsApp > Settings > Account > Two-step verification > Enable.
- Don’t give your login details (email/number & password) to anyone. Only enter your login details on the official website or app.
- Be extremely weary of sharing your phone number or email address over social media. / Instant messaging.
- Always double check friend requests or “being added” by contacts and don’t accept them from people you don’t know.
- Always challenge requests for your information.
How to recover your account;
Sign into WhatsApp with your phone number and verify your phone number by entering the 6-digit code you receive via SMS..
Once you enter the 6-digit SMS code, the individual using your account is automatically logged out.
You might also be asked to provide a two-step verification code. If you don’t know this code, the individual using your account might have enabled two-step verification.
You must wait 7 days before you can sign in without the two-step verification code. Regardless of whether you know this verification code, the other individual was logged out of your account once you entered the 6-digit SMS code.
More information can be found here; https://faq.whatsapp.com/general/account-and-profile/stolen-accounts/
How to update WhatsApp
You should keep WhatsApp (and any other apps on your smartphone) up to date.
Download software updates as soon as they are available, these are normally security updates which are fixing potential vulnerabilities in the apps software.
Visit the play store, click on menu and choose ‘My apps and games’. Tap update next to the WhatsApp messenger.
Visit the app store, click updates and refresh. Tap update next to the WhatsApp messenger
Windows Phone 8.1
Visit the store and select menu. Click on ‘My apps’ and select WhatsApp to update.
Windows Phone 10
Visit the Microsoft store and click on ‘Menu’. Select ‘My Library’ and tap ‘Update’ next to WhatsApp.