WhatsApp account hijackings are a constant risk to users, including South Africans who use the messaging app.
According to reports from a local IT industry player, he has seen a rise in WhatsApp attacks of late, based on feedback he has received from associates.
This has resulted in three contacts from one WhatsApp group having their accounts compromised this month alone.
The angle of attack: the SMS recovery code.
The attack method involves an attacker installing WhatsApp on their device and then registering a victim’s phone number as the number of the account.
WhatsApp has measures in place to prevent this type of hijacking, and sends an SMS with an account verification code to the cellphone number in question.
This ensures that the user with control of the cellphone number can access the code and act accordingly.
However, attackers use social engineering to convince the victim to send them the SMS verification code so they can hijack the WhatsApp account.
WhatsApp states on its website that it you receive a verification code and did not request it “someone entered your number when trying to register in WhatsApp”.
“Without the verification code, the user who is verifying the number will not be able to complete the verification process and use their WhatsApp with that number,” states WhatsApp.
The company goes on to state that it does not have “any information related to the individual who is attempting to verify your WhatsApp account”.
If you receive a message asking for a WhatsApp verification code you have just received – after not requesting a code or attempting to set up WhatsApp on a new device – the obvious step to take is to ignore the message.
If you are concerned about falling victim to this attack, however, you can enable two-step verification (2FA) on your WhatsApp account to protect it.
This lets you set a code which will be required – in addition to the verification code – to set up WhatsApp on a new device.
To enable 2FA on your account, open WhatsApp and got to Settings > Account > Two-Step Verification > Enable.
This does not close all attack vectors, though, and if a friend, colleague, or family member’s WhatsApp account is compromised the attacker may attempt to target you by posing as one of your contacts – as they will have control of their WhatsApp account.
If you suspect that one of your contacts has been compromised, check if their WhatsApp encryption security code has recently changed. You can also call the contact – using a cellular call – to ask if they have sent the questionable WhatsApp messages.
The IT industry player told MyBroadband that of the contacts who had their accounts hijacked, one was able to reclaim their number after mailing WhatsApp several times and explaining their situation.
If you are in need of WhatsApp support, you can contact the company via its support page.