
Look out for serious new WhatsApp account takeover scam

  • cypac1
  • Sep 5
  • 3 min read

Happy Friday

The bad guys are at it again! This time they're exploiting WhatsApp, using a highly deceptive scam that gives them access to your contacts, chat history and media files. They'll start by looking through your chats and files for anything they can blackmail you with. Next they use your account to repeat the scam and try to hack your unsuspecting friends and family. Diabolical.


How are they getting into accounts?

It starts with a "harmless" WhatsApp message from a friend saying something like "I accidentally found your photo" followed by a link. Clicking the link will take you to a counterfeit, look-alike Facebook login screen. If you enter your Facebook username and password, the criminal grabs them, quickly logs in and links your WhatsApp account to your FB account. Now they have full access to all of your chats, shared media, contacts and group memberships.


What are they after?

When a cybercriminal gets into your account, they're looking for a few specific things. Namely:

  • Sensitive conversations and media files that they can use for blackmail.

  • To use your account to join private groups and access confidential discussions.

  • To spread malware and repeat the scam. If your account doesn't have anything juicy, there's a good chance someone you know might!


The Takeaway


Don't trust any unexpected messages containing links, even if they appear to come from friends or family.


  1. Verify Suspicious Messages. Confirm the message before clicking any links it might contain with an old-fashioned phone call or in-person conversation.

  2. Don't Enter Your Password on Unverified Pages. Check URLs carefully. Genuine Facebook login pages display “facebook.com” in the address bar. Look for HTTPS and the padlock symbol, but remember that even these can be spoofed.

  3. Use Two-Step Verification on WhatsApp. Enable WhatsApp’s built-in two-step verification feature (found in Settings > Account > Two-step verification). This requires a PIN before a new device can be added to your account. It's a simple but hugely effective extra layer of security.
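Step 2 above says to check the address bar carefully. The following is an added example (not part of the original post) showing what "carefully" means in practice: a small Python checker that accepts a link only if its host really is facebook.com or a subdomain of it, and rejects the usual look-alike tricks (a fake domain that merely starts with "facebook.com", a "facebook.com@" username prefix, plain http, and non-ASCII or punycode hosts). The sample links are constructed for the example.

```python
from urllib.parse import urlsplit

# The only registrable domain we treat as a genuine Facebook login host
# (assumption for this example; subdomains such as www. and m. are allowed).
GENUINE_DOMAIN = "facebook.com"


def looks_genuine(url: str) -> bool:
    """Return True only if the link is HTTPS and its host is facebook.com or a subdomain of it."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":          # urlsplit lowercases the scheme; real login pages use HTTPS
        return False
    host = parts.hostname                # already lowercased; drops any "user:pass@" prefix and port
    if not host:
        return False
    host = host.rstrip(".")              # "www.facebook.com." is the same host as "www.facebook.com"
    if not host.isascii() or "xn--" in host:
        return False                     # non-ASCII or punycode host: possible homoglyph look-alike
    # Must be the domain itself or end with ".facebook.com"; "facebook.com.evil.example"
    # and "m-facebook.com" both fail this test.
    return host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN)


def check_links(links):
    """Return a list of (url, verdict) pairs for a batch of links."""
    return [(u, "genuine host" if looks_genuine(u) else "SUSPICIOUS") for u in links]


# Constructed sample links, mixing one real-looking address with common look-alikes.
SAMPLE_LINKS = [
    "https://www.facebook.com/login/",
    "http://www.facebook.com/login/",
    "https://facebook.com.login-verify.example/",
    "https://facebook.com@evil.example/",
    "https://m-facebook.com/",
    "https://faceb00k.com/",
]

if __name__ == "__main__":
    for url, verdict in check_links(SAMPLE_LINKS):
        print(f"{verdict:13} {url}")
```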



What if it's too late and my account has already been hacked?


  • Log out of all linked devices via the Linked Devices menu.

  • Re-enable two-step verification with a strong, unique PIN.

  • Message your contacts to let them know what's happened, warning them not to click on any suspicious links that may have come from your account.


Unfortunately, cybercrime just keeps coming. It's up to you to keep yourself, your family, friends and coworkers safe.


Stay safe out there.

-Attila


The Positivity Box



Cloudflare has successfully mitigated the largest DDoS (distributed denial-of-service) attack recorded to date. The attack peaked at 11.5 terabits per second and lasted roughly 35 seconds before being neutralized without disrupting services.



The interesting thing about this attack is that the traffic flood came from a mix of cloud service providers (like Google and Amazon) and a huge number of compromised Internet of Things (IoT) devices like smart lightbulbs, thermostats and cameras, all of which are mostly found in our homes. Yikes! Considering Cloudflare safeguards about 20% of all web traffic, kudos to them for quickly thwarting this attack.



New Friday Funnies!


What do you get when you cross a polar bear with a seal?

A polar bear.


Why aren’t dogs good dancers?

Because they have two left feet.


What do you call a bear with no teeth?

A gummy bear.


Why don't cats play poker in the jungle?

Too many cheetahs.



