WhatsApp hijack and blackmailing

The recent extortion of a few people through their compromised WhatsApp accounts has put the spotlight back on a hacking tool that had surfaced less than two years ago: using a WhatsApp account to start a chain blackmailing and phishing scam.WhatsApp is now an inbuild application in most of the mobile phones it gives an ease of sending messages, videos, photos, calling and even sharing documents. Hackers have always been ahead to gain access to these applications. This time hackers have gained access to whatsapp and are blackmailing with some personal photos and chats after gaining access to these aplications .Recently Maharashtra Cybercell has issued an advisory for WhatsApp users, alerting them about a recent modus operandi used by hackers for gaining access to WhatsApp accounts.

Let us see how it works. 

When a WhatsApp user changes their phone, he/she will have to verify that the new device is linked to his/her mobile number. This is done through WhatsApp verification code. The hacker knows the user’s mobile number and this whole series of attacks begins with one person (Mr P). If Mr P shares his WhatsApp verification code, he allows the hacker to gain access to his account.
Once Mr P’s account is hacked, the hacker gets access to all his contacts as well as groups. A chain reaction begins after this. Knowing that Mr K is the most contacted person from Mr P’s list, the hacker impersonates Mr P and convinces Mr K that his WhatsApp verification code is not reaching him, so he has sent the code to Mr K’s phone. Mr K falls for the trap without realising that it is his own verification code. As he shares the code, the hacker hijacks his account also.

Once the hijacker gains control of your WhatsApp account, it becomes an extortion tool. By impersonating you, the fraudster can threaten to post obscene photographs on your groups, and also convince your contacts to share their verification codes under some pretext, thereby allowing their accounts to be hacked. “The scamster can also trick a user’s contacts by impersonating him/her and ask for money, citing distress, and access banking information if it is already shared in previous conversations”. 

How can we protect ourself from these hijacks

The cybersecurity agency has advised people to not share their WhatsApp verification code with anyone whatsoever. If you share the verification code, then immediately re-verify your WhatsApp account. Further, users are also advised to activate 'two-step verification' for enhancing the security of their WhatsApp accounts and do not open links sent by unknown people .Always use two-step verification an optional feature that adds more security to your account. When you have two-step verification enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit PIN that you created using this feature that secures your account from hijack.