Be cautious of WhatsApp hackers: here's how to protect yourself

Stolen WhatsApp accounts can be used for spam distribution and scam schemes, prompting a warning for users to beware of cybercriminals who use various methods to gain access to them.

Seifallah Jedidi from cybersecurity and digital privacy company Kaspersky said there are two ways cybercriminals commonly gain control of a WhatsApp account:

• they can add another device to an existing account using the “Linked devices” feature; or
• they can re-register the account on their own device, as if the user purchased a new phone.

“In the first case, the user continues to use WhatsApp as usual, but the criminals also have access to all recent conversations. In the second case, the user loses access to their personal account. When trying to log in, WhatsApp notifies him that the account is already in use on another device, and the attackers can then control the account but not the past conversations,” he said.

Jedidi outlined steps you can follow to use WhatsApp safely without being hacked:  

• Enable two-step verification in WhatsApp and memorise your PIN — it’s not a one-time code. To do this, go to Settings → Account → Two-step verification.
• Never share your PIN or one-time registration codes with anyone. Only scammers ask for these details. 
• WhatsApp recently introduced support for passkeys. If you enable this option (Settings → Account → Passkeys), logging in to your account will require biometric authentication, and instead of PIN codes, your smartphone will store a long cryptographic key. This is a very secure option, but it may not be convenient if you frequently change devices and switch between Android and iOS. 
• Set up a backup email address for account recovery: Settings → Account → Email address. 
• If you’ve already added an email address, log in to your email account and change your password to a strong, unique one. To store it securely, use a password manager. 

To ensure you haven’t fallen victim to a SIM swap scam, Jedidi recommends contacting your mobile carrier — preferably in person at a registered store — and verify that no duplicate SIM cards have recently been issued for your number. Also, make sure there’s no unauthorised call-forwarding set up on your number.

Cancel any suspicious changes and ask the staff about additional security measures for your SIM card. These may include prohibiting SIM-related actions without you being present, an extra password required for authentication, or other protections.

If at any time you notice any unusual activities, such as receiving replies to messages you didn't send or vice versa, make sure to reset your privacy settings immediately. 

TimesLIVE