Cyber Security Authority Reports Rising WhatsApp Account Takeovers

According to the Cyber Security Authority (CSA) in Ghana, the number of recorded WhatsApp hijacking by scrupulous persons in the first quarter of 2024 has equalled the figure of the entire 2023.

In a cautionary statement, the Authority said 187 of such incidents have been recorded as of April 2024.

“The Cyber Security Authority (CSA) has noticed increased incidents of individuals falling victim to social engineering and sharing their WhatsApp verification codes with malicious actors, leading to unauthorised access and account takeover.”

Approach
The actors disguise themselves as familiar contacts or authoritative figures (typically as administrators of groups the eventual victim is part of) and craft persuasive messages to lure their targets to disclose their verification code.

They sometimes notify the “victim through text messages about an ongoing upgrade on their group platforms and requesting the victim to share the code that will be sent to them”.

“Calling the victim to inform them that a security code has been sent to prevent their account from being hacked and requesting the victim to share that code. Informing the victim that they (the victim) have received a mobile money transfer and that they must reveal the code the perpetrator sent to access the funds,” the Authority sensitized.

Other approaches include sharing URLs in WhatsApp groups and instructing group members to click on them to update their information by providing the code that will be sent to them.

“Once the code is shared, the victim’s account is compromised opening the door to unauthorised access and account takeover. The malicious actors then impersonate the victims and defraud their contacts.

“In some cases, the malicious actors perpetrate Subscriber Identity Module (SIM) Swap fraud wherein, they impersonate the eventual victim to a mobile network operator and acquire a new SIM card. The victim loses the ability to communicate altogether, while the malicious actors potentially also gain access to one-time passwords (OTP) and mobile wallets.”

Advice
The CSA has advised the public to enable WhatsApp two-step verification, refrain from sharing their verification codes, and educate their friends and relatives about this growing trend