Back in 2018, you might have heard about ‘social hacking’ on WhatsApp that was letting attackers get easy access to your account. Well, it’s back.
With many people turning to WhatsApp to keep in touch over the coronavirus lockdown, hackers have wasted no time in leveraging this surge to gain access to user accounts. The process these hackers are using is called “social hacking” and all it needs is a six-digit security verification code that you receive via an SMS to activate your WhatsApp account.
This flaw has existed for some time though, and has recently re-emerged in places like the UK where WhatsApp adoption saw a spike over the last few weeks.
In this “social hacking” attack, attackers use an already hacked account to contact other victims, pretending to be friends. This communication can take place on any social media account like Facebook, and the people being contacted don’t necessarily need to have a WhatsApp account.
The attackers will pretend to not have received the security verification code on their number that is necessary to sign in again on WhatsApp and ask these friends for help. The attackers will tell these friends that since they could not receive the code on their numbers, they have sent it to their friends’ phone instead and ask them to send the code back to them.
The attackers use this opportunity to send the friends a six-digit code for activating their WhatsApp accounts. Once the unsuspecting friend sends the code over, the attackers can log into the friend’s WhatsApp account while the friend gets logged out.
Attackers will try to hack your account by reaching out to family and friends, which makes this all the more dangerous. This 2018 hack has made a comeback with the recent surge in WhatsApp usage. According to some reports, WhatsApp usage has shot up by 40% globally. The Telegraph reported that the attack has re-emerged in the UK.
WhatsApp has not provided a fix of any sort for the flaw related to the security code. However, they have advised users not to share the verification code with anyone, no matter how many times or when they receive it.
WhatsApp also noted in a separate FAQ page that users can regain access to their accounts by re-verifying their phone numbers. This will log the attackers out and give back the original account owners access.
Additionally, a two-step verification process is recommended to protect accounts from being hacked with just a security code.
You can enable this advanced protection layer on your WhatsApp by:
– Going to Settings
– Clicking on Account
– Clicking on Two-Step Verification
With this enabled, you will need a PIN to re-register your phone number with WhatsApp.