Over the past few weeks, there have been reports of WhatsApp account hacks. The people behind this hijack a user’s account and then tell them to cough up money to get it back.
How are the hackers gaining access to accounts?
So when you are setting up WhatsApp on a new device you get a code that verifies the SIM card. This often happens over a one-time SMS code WhatsApp sends you or over a call, with a voice that repeats the number. In recent weeks, there have been reports of people who are registering with other users’ number and taking over their accounts.
The impersonations according to WABetaInfo are from people using virtual phone numbers to use WhatsApp accounts that aren’t theirs. They then send the unsuspecting individual messages that are along the lines of the following:
“Your WhatsApp account will expire in 2 days. You need to renew it by sending the code we sent via SMS.”
“The WhatsApp Team needs to know if you’re really a human: send the 6-digit code in this chat you just received via SMS.”
“[WHATSAPP]: we have detected unusual activity in your account. Please confirm your identity with the verification code.”
The thing with the verification code is that it’s like a password and the intention behind it is that you don’t share it with anyone else. WhatsApp would never ask you for it and you should’t send it to any number that requests its from you.
Also, you should read the article we put up on how to spot WhatsApp’s actual support from imposters which is in the link here.
How to protect your account?
The first thing you need to do is to set a passcode on your WhatsApp which can be done with the following steps:
- Open WhatsApp Settings.
- Tap Account > Two-step verification > Enable.
- Enter a six-digit PIN of your choice and confirm it.
- Provide an email address you can access or tap Skip if you don’t want to add an email address. We recommend adding an email address as this allows you to reset two-step verification, and helps safeguard your account.
- Tap Next.
- Confirm the email address and tap Save or Done.
In event that someone wants to hijack your account, they will need both your SMS verification code as well as the passcode to unlock your WhatsApp.
P.S You shouldn’t share either of those codes with anyone
If you don’t have a passcode enabled and you’re hacked, you’ll get your account back in a week
In a report by Forbes, the hackers are now putting their own passcode in the stolen WhatsApp accounts. So if your account is stolen and you don’t have a passcode set and the hacker sets one, even if you get a new SMS verification code you’ll only be able to access your account after 7 days.
This is because WhatsApp says that you must wait 7 days before you can sign in without two-step verification/passcode/6-digit code. The one good thing about all of this is that once you have entered the SMS verification code after the hack. Anyone logged into your account will be booted out, but you will be without your account for a week.
Oh… almost forgot
Earlier on I said that the hackers will try to extort money from you. Well… you shouldn’t pay up because once you have verified your account again using the SMS code they aren’t in control of the account. You will get your account back in 7 days
PLEASE! Don't send money to get your WhatsApp account back!— WABetaInfo (@WABetaInfo) February 19, 2021
You can still recover it after logging in again. 2FA will be reset after 7 days but the "hacker" won't be able to use your account anymore.
Full story in the quoted article and why he is not a hacker. https://t.co/vs0HN8cYwr pic.twitter.com/n9JnWrKFyn