WhatsApp Account Takeover

Advisory
30 January 2024

 

Background

Multiple reports describe a deceptive SMS message that appears to come from WhatsApp and directs the recipient to https://whats-1.cc, a phishing website. The fraudulent site masquerades as WhatsApp Messenger Operator and aims to take over the user’s WhatsApp account by misusing the “Link a Device with Phone Number” method and a one-time code.

 

Impact

  • Loss of access to WhatsApp account
  • Identity theft

 

Recommendations

  • Before clicking on any link, examine it carefully to check whether the URL looks legitimate. Never open suspicious links as they may lead to malicious files or phishing websites.
  • Enable ‘Two-Step Verification’ for additional security.
    Settings > Account > Two-Step Verification
  • Do not share any confidential information via WhatsApp, including passwords, identification documents, official letters, job applications, documents, bank statements, and credit card details.
  • Be cautious of calls and messages from unknown numbers. If a request seems strange, verify the authenticity of the message by directly contacting the sender. Don’t feel pressured to respond or react immediately.
  • Watch out for poorly written messages. Grammar errors and spelling mistakes are a common sign of a scam.
  • Do not respond to any message requesting a One-Time PIN (OTP), password or security code. Such a message is most likely from someone trying to gain control of your account or access to your personal information.
  • Adjust your privacy settings to limit who can see when you’re online, your profile photo and your status updates, and who can add you to groups.
    Settings > Privacy
  • If your WhatsApp account has been hijacked, immediately inform your family, friends, and colleagues that your account has been compromised.
  • Log out of WhatsApp Web/Desktop when you finish using it.