Protecting Yourself From WhatsApp Hijacking

Published on 04 Nov 2020

Updated on 06 Jan 2021

Scammers are abusing WhatsApp's re-registration process to take over WhatsApp accounts.

WhatsApp’s Re-registration Procedure

WhatsApp accounts are tied to the user's phone number. When an existing WhatsApp account is registered on a new installation, WhatsApp sends a one-time registration code via SMS to verify the phone number.

How Scammers Take Over WhatsApp Accounts

1. Impersonating a Friend or WhatsApp's Support Team

When a scammer adds a targeted user's phone number to a new WhatsApp installation on the scammer's own phone, the targeted user receives an SMS from WhatsApp containing the 6-digit registration code. In many cases, the scammer obtained the target's phone number from an already hijacked WhatsApp account. The scammer then impersonates a friend of the target, or WhatsApp's support team, and asks the target to send the registration code over.

2. Enticing Victims with Fake E-commerce Platform Promotions

Scammers may use a hijacked WhatsApp account to send targeted users messages about fake 'special' promotions on e-commerce platforms (e.g. anniversary lucky draws or flash sales), tricking them into sending back a 'promotional code', which is actually the WhatsApp registration code.

3. Accessing Voicemail Accounts with Default Passwords

Scammers can bypass the SMS verification step by using the victim's voicemail. The scammer repeatedly fails to enter the one-time registration code, after which WhatsApp offers "voice verification": WhatsApp calls the user's phone and reads out the one-time verification code in an audio message. Scammers time this at night, when the user has switched off his/her phone or is away from it, so that the call is routed to the victim's voicemail instead.

As most telco providers allow remote access to voicemail and ship it with a default password, scammers can easily get into the voicemail account and retrieve the audio message containing the code, then use it to log in to the victim's account. Once in, the scammer can enable two-step verification, which prevents the victim from regaining control of his/her WhatsApp account. The scammer may then go through the victim's WhatsApp contact list to find new targets.

Securing Your WhatsApp Account

WhatsApp users are advised to adopt the following precautionary measures to avoid falling victim to such attacks:

  • Protect your WhatsApp account by enabling the 'Two-Step Verification' feature, found under the 'Settings' tab of the WhatsApp application. You may also wish to add a backup email address for the two-step verification PIN.
  • Change your default voicemail PIN. Refer to your telco service provider for information on changing or resetting the voicemail PIN.
  • Do not share your WhatsApp verification codes or any One-Time Passwords (OTPs) with anyone. If you receive suspicious message(s) from a contact or stranger via WhatsApp, do not respond, especially if the sender asks for an OTP or code to be sent back. Do not click on any links or provide personal information.
  • Verify the authenticity of the message(s) through alternative means (e.g. calling the contact). If the suspicious message(s) come from an unknown number, report the number to WhatsApp directly.

If you have been a victim of WhatsApp hijacking, you may wish to log in to your WhatsApp account again using your phone number. This triggers a fresh registration code via SMS, and once it is entered, the scammer is logged out. If the scammer has activated two-step verification, you may have to wait 7 days before you can sign in without the two-step verification PIN. If you prefer to delete and re-install WhatsApp, note that the chat history will be lost unless an earlier, working back-up exists.


For more information, you may visit: https://faq.whatsapp.com/general/account-and-profile/stolen-accounts/?lang=en


For more information on scams involving the takeover of WhatsApp accounts, you may visit the Singapore Police Force's website:
https://www.police.gov.sg/media-room/news/20200604_others_resurgence_of_scams_involving_takeover_of_whatsapp_accounts


For more information on good cyber hygiene practices when using messaging applications, please refer to section A.3 "Instant Messaging" on the Go Safe Online website:
https://www.csa.gov.sg/gosafeonline/go-safe-for-me/for-students/a-word-to-the-wise-internet-safety-for-all