While many people have started using WhatsApp to remain linked to their loved ones during the coronavirus epidemic, some attackers are using the increase in their usage to quickly access user accounts. The process that attackers use to hijack WhatsApp accounts is known as “social hacking,” and it involves the six-digit security authentication code you get to trigger WhatsApp on your account via an SMS message. While the bug has been around for some time, it has recently re-emerged in places like the UK due to the rise in WhatsApp adoption.
The attackers use an already compromised account under the social hacking attack to contact victims as if they were recognized friends of theirs. Communication can take place via any social media site like Twitter and does not involve a WhatsApp account from friends.
The attackers say that they have not received the security authentication code on their number, which is compulsory for WhatsApp to register or sign in again, and inform victims that they have sent it to them as a result. We then ask victims to give them the code back.
In fact, what the attackers are sending to the users affected is the six-digit code to unlock their WhatsApp account. If the victims provide the attackers with the code, they will be able to easily access the Whatsapp account of the victims.
Actually the problem isn’t new as several media reported its presence back in 2018. However, the recent surge in the use of WhatsApp due to the coronavirus outbreak, which is estimated to have risen globally by 40 percent, has put the vulnerability back into the headlines.
The attack has re-emerged in the UK according to a story by English daily The Telegraph. Throughout the pandemic, it prevented some WhatsApp users from using the instant messaging app and allowed hackers to use the victims ‘accounts to message people.
WhatsApp has not received any patch for its security code-related bug. The Facebook-owned corporation has nevertheless told users not to share their security authentication code with others. In a separate FAQ tab, it has also noted that users can get their stolen account back by re-checking their phone number. This will automatically log out the user using the social hacking account
Moreover, users are advised to enforce the “Two-Step Verification” setting in order to prevent accounts from being accessed simply through the security code.
By Clicking on
– Two-Step Verification,
you can activate the advanced protective layer on your WhatsApp This will allow for a PIN requirement when your phone number is re-registered with WhatsApp.