While several people have started using WhatsApp during the coronavirus outbreak to stay connected with their loved ones, some attackers are leveraging the surge in its usage to gain access to user accounts. The process that attackers are using to hijack WhatsApp accounts is known as “social hacking,” and it requires the six-digit security verification code that you receive via an SMS message to activate WhatsApp on your account. Although the flaw has existed for some time, it has reportedly re-emerged in places like the UK due to the increase in the adoption of WhatsApp.
In a social hacking attack, the attackers use an already hacked account to contact victims while posing as friends they know. The communication can happen through any social media platform, such as Facebook, and doesn’t require the friends to have a WhatsApp account.
The attackers pretend not to have received the security verification code on their own number, which is mandatory for registering or signing in again on WhatsApp, and tell the victims that they have therefore sent it to them instead. They then ask the victims to send the code back to them.
In reality, what the attackers have sent to the affected users is the six-digit code for activating the users’ own WhatsApp accounts. Once the victims provide the code to the attackers, the attackers can easily gain access to the victims’ WhatsApp accounts.
The issue isn’t actually new, as some reports mentioned its existence back in 2018. However, the recent surge in WhatsApp usage due to the coronavirus outbreak, believed to be an increase of 40 percent globally, has brought the flaw back into the news.
According to a report by English daily The Telegraph, the attack has re-emerged in the UK. It restricted some WhatsApp users from using the instant messaging app during the pandemic and allowed hackers to message people using the victims’ accounts.
WhatsApp hasn’t provided any fix for the flaw related to its security code. However, the Facebook-owned company did advise users not to share their security verification code with others. It also noted in a separate FAQ page that users can get back into their stolen account by re-verifying their phone number. This automatically logs out the individual using the account through the social hacking process.
Users are additionally recommended to enable the “Two-Step Verification” setting to protect accounts from being accessed through the security code alone.
You can enable this additional protection layer on WhatsApp by going to Settings > Account > Two-Step Verification. This will require a PIN when re-registering your phone number with WhatsApp.