There’s been a spurt of social media app hacks recently, so here’s a quick heads up on how NOT to fall for this one. If you get a message from a friend on Whatsapp that looks something like this:
DO NOT RESPOND!
Rest assured, this is a hacker at play.
NEVER share a Whatsapp 6-digit code or PIN with ANYONE. Call or SMS the person you received this message from immediately to alert them that they have been hacked. Chances are if you have gotten this message from them, the hacker now has control of their Whatsapp account, so will be able to see any new Whatsapp messages sent to them. So only alert them via a phone call or SMS.
In the event that you have sent the code across thinking it was genuinely your friend – DON’T PANIC!
Uninstall Whatsapp and reinstall it. When it asks you to verify your phone number and send yourself an SMS code (or call to verify it is you) follow the instructions. It may put a minimum time you have to wait for the code to be sent—somewhere between 2-12 hours.
During this time, the hacker will have access to all your Whatsapp groups (as they are stored on the cloud) and anyone who messages you during that time. They will then attempt to send the same message to all the contacts in those groups. So if this happens to you, call/SMS your friends immediately to let them know your account has been hacked.
Keep in mind that if the hacker sees one of your friends alerting your groups about the hack via Whatsapp, they are likely to remove them from the groups. So, try to use another means of communication.
The good news is that no legacy data from your Whatsapp is compromised, and the targeted device is untouched. You’ve essentially been ghosted onto the hacker’s device.
The fact is the direct risk isn’t even to you if you’ve been hacked; it’s to your friends! Because they could get messages asking for emergency help or money or anything really! It’s also because we’re mentally wired now to trust platforms with “end to end encryption” and let our guard down to messages from trusted friends. (Much more than that email to send $1000 to an account in Nigeria or a random bulk SMS.)
In some cases, the hackers are also just sending random emojis to people in your phone, hearts and such! (So I’m guessing this hacker is a little emo too lol.)
Anyway, once you are back in your phone, go set up your two-step verification IMMEDIATELY to prevent further hacks and NEVER share either your Whatsapp code or this secret PIN with anyone again.
Note: In case the hacker has activated two-step verification after getting into your WhatsApp account you will be asked to enter that code. Since you don’t have it, you’ll have to wait for 7 days to recover your account. But on the upside, while you wait, the hacker will no longer have access to your account.
We all tend to use Whatsapp web these days too. As you know you have to scan a QR code from your mobile phone for this. If anybody asks to scan a QR code shared by them through Whatsapp, DON’T DO IT. Check whether Whatsapp Web is running on any other computers via your account. If you have not authorised those delete them immediately by selecting ‘logout from all connected devices’.
What I found particularly intriguing and effective about this hack was the personal nature of the messages and use of emojis. We don’t expect bots to do that so are more trusting I suppose. Isn’t that interesting? Also in some cases, the hackers had full-fledged conversations with the unsuspecting friends of the victims continuously urging them to share their codes. I’ve even heard of cases where the friend knew it was a hacker and was keeping them engaged in conversation while the person attempted to recover their account!
Finally, I just want to say, don’t feel too stupid, a lot of people have fallen for this because of the personal nature of the texts. But do share this blog with all your friends and family to alert them of this threat and encourage them to set up their two-step verification right away.
(It’s too soon to make a phishing joke or ask you to send me a PIN, so I’ll resist the urge.)