Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
As one of the world’s leading instant messaging platforms, it’s no wonder WhatsApp is a frequent target for hackers. As such, you will want to understand how your WhatsApp account can be hacked, and take serious steps to protect your WhatsApp account, messages and personal data.
1. Install Malware
Sometimes, a hacker doesn’t need to hack your WhatsApp account directly. Sometimes, you just need to get an unfortunate malware on your device and have it do all the heavy lifting instead.
Someone can access your WhatsApp messages with malware in a few ways. Malware with keyloggers can run silently in the background and record what you type. This includes everything you send to your friends, but it can also contain data such as usernames and passwords entered.
Some malware will instead harvest your messages directly. This includes malware that goes through your WhatsApp conversations and sends them back to the hacker, but it can also include viruses that hack a phone’s screen recording feature and use it to take videos of what you’re looking at. If you happen to be chatting with someone while the malware is recording you, the cybercriminal can see what you’re discussing.
2. Call Forwarding Scams
While the malware is more about monitoring your messages, there are ways in which a hacker can have direct access to your WhatsApp account. These usually involve tricking to give the hacker the means to break your account’s two-factor authentication (2FA).
By far, the easiest way a hacker can crack your account’s 2FA protection is to have WhatsApp send them login codes instead of you. One of WhatsApp’s 2FA methods gives you a login code on the phone, so hackers can use call forwarding to redirect the call to them.
To achieve this, the scammer convinces you to enter a Man Machine Interface (MMI) code that redirects your calls to them. There are many tricks they can use, but the most common method involves convincing them that you need to call someone and then passing the MMI code as their phone number.
Once call forwarding is set up, the cybercriminal can access your account and opt for a voice call for the 2FA code. WhatsApp tries to call you, but it is forwarded to the scammer, who accesses your login code.
3. Social Engineering for Login Codes
Cybercriminals can also obtain 2FA login codes by asking for them. Of course, they often claim that it’s something else and not the only thing that prevents them from accessing your account, but they still have to ask.
This specific attack targets SMS-based 2FA codes, where WhatsApp sends you a six-digit number that you enter in the app to log in. anything else and I ask you to pass it on.
A campaign reported by the Nottinghamshire Police in the UK saw scammers telling their victims that the six-digit code was actually a passcode for an important video call. People would send the code, thinking it would leave them in a special group, not knowing that the person on the other end of the phone was about to make out with their account.
4. Fake WhatsApp Web QR Codes
When you want to use WhatsApp Web, you must scan a QR code with your phone. Unfortunately, cybercriminals have found a way to hack this process and produce fake WhatsApp Web websites that display malicious QR codes. Once scanned, the scammer accesses your account.
The Straits Times reports that this scam starts with a web search for WhatsApp Web. Usually, the official WhatsApp web page is the top result, but scammers are good get fake websites to the top of search engine results. And because people usually trust the first result, they click on it without realizing that they have entered a trap.
The fake website looks identical to the WhatsApp Web, except that it has a malicious QR code that can steal people’s accounts. Some people do not even realize that they have transmitted their data after scanning the code, since there are no obvious hints about what happened, unless they log into WhatsApp Web.
How to stay safe from WhatsApp Hacking
There are many ways that people can access your account and messages. Fortunately, you can take several steps to prevent them from entering.
Never give login or 2FA codes to anyone
It is very important not to give out your login codes, no matter what the cybercriminal says. Login codes sent via SMS usually come with a message saying what it is, and some will even ask you not to share it with others. Therefore, be sure to double check what you are sending before following the instructions.
Think before you follow any instructions given
While we’re on the subject, it’s a good idea to stop and think before following the instructions. Did anything the person asked make you feel “off?” If so, it is worth handling the situation with extreme caution.
For example, if someone asks you to call a number, and the number they give you contains hash symbols, asterisks, or greater-than-less symbols for some reason, it would raise alarm bells in your head These symbols denote an MMI code, which means the scammer is trying to set up port forwarding on your phone.
Install a good antivirus for the phone
If you are concerned about malware, make sure your phone has a good antivirus installed. Some phones come with their own antivirusbut if it is not, you will have to grab one from the App Store of your phone.
Visit the official WhatsApp website directly
If you want to use WhatsApp Web, always make sure to visit this URL: https://web.whatsapp.com/. You can bookmark it to visit later, or you can manually enter it in your address bar – it’s pretty easy to remember. By doing this, you know that you will always reach the official WhatsApp website.
If you can’t break the habit of searching for WhatsApp Web every time you want to use it, double-check the URL you click. Do not blindly trust the first result; double check the URL before scanning anything on the web page. You may be at risk of losing your account if it says something different from the URL above.
