What is WhatsApp Hacking?
WhatsApp hacking is gaining unauthorized access to a WhatsApp account without the owner’s permission.
This type of hacking has become very popular around the world recently. In Ghana, for example, a decent number of people have been affected by WhatsApp hacking, and more are being affected each day.
This post serves as cyber security awareness on WhatsApp hacking. If you use WhatsApp or have a friend who uses WhatsApp, then this article is all that you need.
Methods of Hacking a WhatsApp Account
Method 1: WhatsApp Account Transfer Attack
In a WhatsApp account transfer attack, attackers try to transfer a WhatsApp account from the owner’s phone onto their own phone to get access to the victim’s messages, contacts and other personal information. In addition, the attacker can use an already compromised phone to attack other numbers from the victim’s contacts.
Attackers’ Tactics and Techniques
In WhatsApp hacking, attackers mostly combine phishing and vishing social engineering techniques to get their victims to fall prey to their attacks.
The following are some of the techniques used:
- An attacker will initiate a transfer of the victim’s WhatsApp account. The WhatsApp application will treat the transfer as legitimate and send a six-digit code to the victim’s mobile phone for confirmation. Once the attacker realizes the code has been sent to the victim, he follows it up with a vishing phone call. The content of the phone call might differ, but here are a few that have been witnessed:
  - “Hello, please are you doing your national service?” If the victim answers yes, then the attacker continues by saying: “National service is removing inactive participants from their platform. To confirm that you are still active, a code has been sent to your phone. Kindly mention them to me.” After receiving the code from the victim, the attacker transfers the WhatsApp account from the victim’s device.
  - “Hello, please a code meant for me has been mistakenly sent to your number, kindly mention them to me.”
  - “Hello Paul, I am struggling to receive a code for my WhatsApp account, please I have directed it onto your phone, kindly mention them to me.”
- An attacker posts a cheap offer, such as a data bundle or an electronic product. When the victim makes payment, the attacker deliberately refuses to send the product. He later calls the victim and claims to be having a challenge in sending the product. He then tells the victim that a code will be sent to him and that he will have to send that code back. After the attacker receives the code, the victim will have his WhatsApp account hacked in addition to his money stolen.
After the first victim is hacked, the attacker mostly impersonates the victim and uses the compromised WhatsApp account to attack others on the victim’s contact list. This means that when one person is attacked, everyone on his contact list is at risk. Hence, there is a need to protect oneself against WhatsApp hacking.
Method 2: Link Device Attack
In this type of WhatsApp attack, attackers link their device to the victim’s WhatsApp account using the Linked devices option in the WhatsApp application. By linking his device with the victim’s, the attacker is able to get a copy of the victim’s WhatsApp account, including his messages, communications and all other personal information. This attack can only be performed when the attacker gets physical access to the victim’s phone.
Method 3: WhatsApp Smishing Attack
Smishing is sending an SMS message to a person to deceive him into divulging confidential or private information to you. This also includes deceiving a victim into clicking on a link which compromises his system.
WhatsApp smishing is performing smishing attacks through WhatsApp.
In WhatsApp smishing, the attacker sends a message to the victim through WhatsApp. The message may include a link to a malicious website, a malicious APK file, a location tracker, a rootkit or an image with an embedded rootkit. If the victim clicks on the message, the information needed by the attacker is sent to him. If it is a rootkit, then the attacker gets complete access to the victim’s phone, including his WhatsApp account.
Method 4: WhatsApp APK Trojan Horse
A Trojan horse is malicious software that misleads its users about its true intent by disguising itself as a standard application.
In a WhatsApp Trojan horse attack, the attacker embeds malicious code into a WhatsApp APK and sends it to their victims. If the victim installs the APK, the attacker gets access to all his WhatsApp messages and any other information which the rootkit was created to fetch. Most often the victim will use his WhatsApp application without knowing it is a malicious application.
WhatsApp Hacking Countermeasures
How to Protect Yourself against WhatsApp Hacking
- Never share your WhatsApp code with anyone, not even your close friend.
- Never respond to phone calls that demand a WhatsApp code or any secret code from you.
- Activate 2 Factor Authentication (two-step verification) on your WhatsApp account.
- Protect your phone from getting into the hands of others.
- Protect your phone and WhatsApp with a password.
- Don’t click on links in WhatsApp messages.
- Never install an APK sent to you through WhatsApp. Always install applications from the right source, such as the Google Play Store or App Store.
- Always make sure your WhatsApp application is updated.
How to Protect Others against WhatsApp Hacking
- Never share links and APKs received from others with your friends.
- Inform everyone on your contact list if your account is hacked and tell them to do the same.
- Help your friends and family against WhatsApp attacks by paying attention to cyber security awareness training such as this article.
- Lastly, always help your friends to learn about WhatsApp hacking countermeasures. You can direct them to this article.
How to Recover Your WhatsApp Account When Hacked
To recover your WhatsApp account, you should transfer the WhatsApp account back from the attacker’s device.
Follow this procedure:
- Open your WhatsApp and enter your phone number when you are asked to do so.
- A six-digit code will be sent to you through SMS. Enter it to verify your phone number.
- After entering your code, the attacker will be logged off and your WhatsApp account will be working on your phone.
- You have successfully recovered your account.
- To protect your account from being hacked again, it is advisable to enable 2 Factor Authentication on it.
Note: Sometimes when you try to recover your account, you will be asked to provide a two-step verification code. If you are not the one who set it and therefore do not know the code, it means the attacker has enabled 2 Factor Authentication on your WhatsApp. To be able to recover the account without entering the verification code, you have to wait for 7 days. After the 7 days, follow the steps above to recover your account. You will not be asked to provide the two-step verification code.
1 Comment
This is good for everyone to know. Thanks Cyber Master for the cautions and tips.