Hackers are now using spyware to attack WhatsApp and other messaging accounts. The new warning from America’s cyber defence agency puts WhatsApp account hacks front and center again. Do not lose your account — all users must check their security now.
CISA says cyber threat actors use “sophisticated targeting and social engineering” to gain “unauthorised access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.”
Sophisticated spyware attacks are usually limited to high-value targets. They may come at you by way of malicious links, QR codes, app installs, mobile malware or even fake apps mimicking the ones we all know and use. 99 per cent of your defence comes from not clicking links, not installing apps outside official stores and not opening attachments.
But your WhatsApp account is much more likely to be hijacked by social engineering.
An attacker tricking you into sharing a one-time code that will enable them to transfer your account to their own device, leaving you with the challenge of getting it back.
Law enforcement and security firms continuously alert users about such attacks.
And WhatsApp warns “you should never share your registration code with others, not even friends or family. WhatsApp can’t deactivate your account for you because there’s no way to verify that you’re the owner of the phone number associated with that account.”
Three things to do now. Open WhatsApp and go to Settings Account. First make sure you have two-step verification enabled.
This is a PIN you set and need to remember. Second, add and verify your email address to help in the case of account recovery.
And third, add a passkey to your account. Do all three and your account is fully secure.
ESET offers some good advice on how to tell if your account has been compromised and what steps you can take to get it back. “Immediate actions and long-term fixes,” it says, will help you “regain access to WhatsApp – and keep it.”
