New warning as WhatsApp accounts targeted
Here we go again — I have probably warned more about this account hacking threat than any other over the years, but it’s still ongoing and can still put a huge dent in your life. What makes this worse — much worse — is that you can easily protect your phone and WhatsApp account from these attacks. It takes less than a minute. Do it now before it’s too late.
A police force has just warned that “a rise in scammers is attempting to take over people's WhatsApp accounts.” This happens to be in the U.K., but it could be anywhere given WhatsApp is now installed on more than 3 billion iPhone and Android devices. These latest attacks are targeting groups — including students, health workers, religious and faith groups and businesses. The objective is to capture one account, and then attack the rest from there.
The attack itself has never changed. When you install WhatsApp on a new phone, you input your cell number and the platform sends you a one-time passcode to verify that the account can operate on that device. WhatsApp doesn’t check that the cell number associated with the account is the same as the cell number of the device. That means you can install any WhatsApp account on any phone — regardless of its number or even its geographic location.
As Meta CEO Mark Zuckerberg himself has just warned, the vulnerability in WhatsApp’s end-to-end encryption is the “ends.” While data can be locked down while in transit between devices, if a hacker can capture or control a device which is an end, then WhatsApp opens up. If that device is part of a group, then the hacker can access the group as well. This opens the threat of socially engineered attacks from a victim’s WhatsApp account against their contacts and groups.
As regards this latest police warning, BBC News reports that “an alert was pushed by the force after officers were made aware of stolen funds being converted into Nigerian currency... but this sort of crime could happen from inside the U.K. and abroad. The police said faith and religious groups in particular were a main target for scammers - often in large groups where each person may not know every single participant.”
So, here’s what you need to do if you haven’t already. First, open WhatsApp, go to Settings > Account, and ensure that two-step verification is enabled. This lets you set a PIN of your own choosing — different to the one WhatsApp will send — which an attacker would also need to enter to take over your account. Second, set up a passkey from that same account settings tab if available. This links your login to the biometrics securing your iPhone or Android. And third, make sure you add an email address, which WhatsApp will then verify and which will help you recover your account if needed.
“We've had reports of the person asking for codes in these groups having a picture in their bio of the organization logo so they think they are talking to someone they know and trust,” Derbyshire police warned. “When that person has control, they are messaging in your name and image - they will go through friends and family asking to borrow money.”
You should know by now that you must never share a one-time code sent to your phone by SMS or even WhatsApp. There are countless socially engineered lures to trick users into sending these codes to someone they think they know but who is actually an attacker using an already compromised account. But if you add the security settings above, it doesn't matter if you’re tricked into sharing a code. Your account is locked down to you.