Hijacked Whatsapp Accounts- Protect Yourself!

Sometimes the simplest scams are the most effective.

Hackers managed to hijack victims’ Whatsapp accounts using mobile companies call forwarding services to pick up a Whatsapp OTP (one-time passcode) via a voice message. 

Lying at the root of the issue, is the ability to perform social engineering on victims.  Understanding the method the hackers use can help you to protect yourself against being scammed.

  • In order to have the call forwarded to the hackers phone, the victim needs to be convinced to dial the number which activates call forwarding. 
  • Each mobile provider has an MMI code (Man Machine Interface code) in place that enables call forwarding when dialed. If the hacker can convince the victim to dial that code followed by a phone number of the hacker’s choice, all calls will be forwarded without the victim’s knowledge.
  • These codes will typically begin with *# and a short series of numbers. For example, *#62# or dialing *#21 will tell you the status of call forwarding on your phone.
  • Once the victim has forwarded calls, the hacker will begin to register the whatsapp account on a new device, and will request the OTP via a voice-call to the victims phone. This call will now be automatically forwarded to the hacker. 
  • The victim will notice a few minutes later that his Whatsapp will be logged out and the hackers will have full control of the account.
  • What’s worse, is that the hacker can then implement 2FA (2-factor authentication) which will stop the original owner from being able to regain access.

Tips to protect yourself from scams:

  • Implement multi-factor authentication on all your important accounts, like Whatsapp. The hackers may succeed with one authentication, but it is far less likely they’ll manage two.
  • Verify instructions given to you. Do a quick google search to see which number you are dialing or whether your instructions are legitimate.
  • Don’t disregard seemingly odd (but legitimate) notices on your phone. If you see a notification saying “Call Forwarding Successful”- immediately question why and check call forwarding status using the appropriate official MMI.
  • Don’t be pressured to react quickly: an authentic request will always allow you time to complete the task or verify it through official channels.

Multi-factor authentication is just one of the many security controls that your organization should have in place. Take a full risk assessment to close any security gaps with the Centraleyes automated risk management platform.

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days