4th March, 2020

Recently we have come across Facebook statuses warning friends that a WhatsApp account has been hacked and telling them not to open messages coming from it.

We looked further into these claims to see what is actually happening.

BE VERY CAREFUL: do not give out any 6-digit number you might be asked for by a “friend” or “family member” on your contact list. If you do, hackers will gain access to your WhatsApp account and capture the phone numbers in your contact list. They will then be able to send WhatsApp messages to your contacts, pretending to be you, informing them that they are about to receive an SMS message and to send it back to “you”. Once they do, their accounts will be compromised too.

There is a solution to avoid all this. We will let you know about it further down.

The SMS message you receive is in fact a WhatsApp verification code for your account. Once you send that back to your supposed “friend”, you will be sending it to the hacker. The hacker will then complete an account takeover once they are in receipt of your code and will block you from accessing your account from your device.

Can you imagine what the hacker can make your friends do through WhatsApp if they think it is you sending them any requests? No data stored on your phone is compromised, though, as only the WhatsApp account would have been ghosted onto another device.

How to prevent this from happening.

WhatsApp offers the possibility of a Two-Step Verification. This way you can set up a code of your choice (PIN) which is separate to the 6-digit code WhatsApp sends by SMS to verify a new installation. You can also add an email address just in case you forget the code you have set up. Thus, even if you were to send the 6-digit code to the hackers, they would still not be able to install your account on their device, as they would not be privy to your PIN.

To find the Two-Step Verification process in your WhatsApp account, go to Settings and then to Account. It will only take a few seconds to have this in place, and it might save you and your friends from a potential data breach.