Amid the coronavirus outbreak when most people are in quarantine and working/studying from home, it was obvious that the use of messaging services like WhatsApp would be up worldwide. And with higher usage comes higher risk of becoming a target of phishers and scammers.
That being said, a WhatsApp hack that has been in the news for about a year now has not only returned but is also witnessing steady growth. What’s concerning is that it is very easy for hackers to convince their victims into falling for this trick.
So basically what happens is that when you install WhatsApp, you receive a six-digit code via SMS (on the number used for creating a WhatsApp account). Entering that code activates your account. How hackers use this method to their advantage is that they make use of an already hacked account (WhatsApp or Facebook) to message a victim’s friend.
The attacker (pretending to be the victim) then explains to the friend that they are having difficulties in receiving a six-digit code. So, they had to “choose” the option of sending the code to their friend. This code is actually the WhatsApp verification code for the friend's account! Once they tell the attacker the code, their account is compromised.
Even though the hacker won’t be able to restore messages from the backup, they will be able to access the groups their victim is a part of as well as the new messages they get.
So, how do you save yourself from this kind of attack? It’s pretty simple actually. For starters, never send a six-digit code that you receive to anyone, no matter what they say. But even if you have done so, there’s a solution that will protect you from this attack.
You should know that the six-digit code you receive as an SMS while setting up your WhatsApp account is sent by the messaging service itself. Additionally, WhatsApp allows you to set up a six-digit PIN for added security. The PIN and verification code are separate and you shouldn’t get confused between the two.
In order to make use of this “Two-Step Verification”, you can head over to Settings and find this option in “Account”. You can set it up quickly. It even allows you to backup your email address. Every time you switch phones or mostly when you use the app, you will be asked to enter the PIN.
Screenshot: Twitter / KhabirM.
In short, this verification method makes it a must for you to enter your six-digit PIN after every attempt you (or anyone else) make to verify your phone number on WhatsApp. What this means is that there is absolutely no way for the hacker to execute the above-mentioned attack by simply entering the six-digit code sent via SMS.
Even though WhatsApp is secure and has end-to-end encryption enabled, it is your responsibility to make use of all available resources to secure it.
Also, if you have already fallen for this hack attack, just reinstall WhatsApp and request a new activation code. This will help you restore your account, but it can take some time to function. Once you get access to your account, immediately set up a six-digit PIN and secure your app from further attacks.
Read next: YouTube Accounts Hacked for Fake Microsoft Cryptocurrency Scam
That being said, a WhatsApp hack that has been in the news for about a year now has not only returned but is also witnessing steady growth. What’s concerning is that it is very easy for hackers to convince their victims into falling for this trick.
So basically what happens is that when you install WhatsApp, you receive a six-digit code via SMS (on the number used for creating a WhatsApp account). Entering that code activates your account. How hackers use this method to their advantage is that they make use of an already hacked account (WhatsApp or Facebook) to message a victim’s friend.
The attacker (pretending to be the victim) then explains to the friend that they are having difficulties in receiving a six-digit code. So, they had to “choose” the option of sending the code to their friend. This code is actually the WhatsApp verification code for the friend's account! Once they tell the attacker the code, their account is compromised.
Genuine warning.— Alex Deane (@ajcdeane) March 28, 2020
A friend messages saying they’ve mistakenly sent you their WhatsApp code, please send it to them.
It is YOUR code. You send it, they hack your account.
Has happened to several friends today.
Even though the hacker won’t be able to restore messages from the backup, they will be able to access the groups their victim is a part of as well as the new messages they get.
So, how do you save yourself from this kind of attack? It’s pretty simple actually. For starters, never send a six-digit code that you receive to anyone, no matter what they say. But even if you have done so, there’s a solution that will protect you from this attack.
You should know that the six-digit code you receive as an SMS while setting up your WhatsApp account is sent by the messaging service itself. Additionally, WhatsApp allows you to set up a six-digit PIN for added security. The PIN and verification code are separate and you shouldn’t get confused between the two.
In order to make use of this “Two-Step Verification”, you can head over to Settings and find this option in “Account”. You can set it up quickly. It even allows you to backup your email address. Every time you switch phones or mostly when you use the app, you will be asked to enter the PIN.
Screenshot: Twitter / KhabirM.
In short, this verification method makes it a must for you to enter your six-digit PIN after every attempt you (or anyone else) make to verify your phone number on WhatsApp. What this means is that there is absolutely no way for the hacker to execute the above-mentioned attack by simply entering the six-digit code sent via SMS.
Even though WhatsApp is secure and has end-to-end encryption enabled, it is your responsibility to make use of all available resources to secure it.
Also, if you have already fallen for this hack attack, just reinstall WhatsApp and request a new activation code. This will help you restore your account, but it can take some time to function. Once you get access to your account, immediately set up a six-digit PIN and secure your app from further attacks.
Read next: YouTube Accounts Hacked for Fake Microsoft Cryptocurrency Scam
