WhatsApp fans have been placed on high alert as a scam, which could allow hackers full access to every WhatsApp message, photo or video you've ever sent, has reappeared as record numbers of people turn to the app to chat during lockdown. The nasty attack was first spotted earlier this year but it seems some users are being targeted once again. Here's everything you need to know to keep your precious data safe from prying eyes.
Unlike most scams, this hack actually gives criminals full access to your messaging app account – which could enable them to talk to your nearest and dearest, leaving friends and family at risk. What makes this attack more sinister is that it works via the official WhatsApp two-factor system. So, it's not something that can simply be patched or tweaked by the app in a future update.
Whenever you upgrade your smartphone, WhatsApp will ask to verify your identity using your phone number before allowing you to access any chats backed-up to the cloud. It's this six-digit code that hackers need to get their hands on to gain access to your account.
If they already know your phone number – either because of a previous leak that left some of your personal data exposed to hackers, or because they know you – then they can put the number into a new installation of WhatsApp on their phone. To verify the identity of the person trying to log into your WhatsApp, the Facebook-owned app will send a randomly generated six-digit code in a text message to the phone number. This won't go to the hackers, this will go to your phone.
Next, the hackers will send a text to you – making an excuse for the six-digit code being sent to you – and asking you to forward it.
As soon as you send them the code, WhatsApp believes that it's a genuine attempt to login to your account and will enable the chat on the hackers' smartphone. As far as your contacts are concerned, the hackers are now you and can continue to send texts in your WhatsApp conversations, or group chats.
Netflix free subscription offer: why this WhatsApp text isn't what it seems
Using this method, hackers could target friends and family asking for money via Paypal links. Users often find themselves locked out of their WhatsApp account for hours making it hard to warn people that they have been targeted.
It's unclear how many people have been hit by this attack, however, social media is full of users warning about the scam with one tweet saying: "@WhatsApp my friend has lost control of his account after a malicious actor tricked him to send the six digit Change Number code. What should he do please?"
Speaking about this latest attack Jake Moore, Cyber Security Specialist, Eset told Express.co.uk: "If hackers hijack your account and start sending messages to your contacts as you, the recipient would have no reason to disbelieve it and would most likely unknowingly reply. It would even seem plausible if your partner asked about sensitive bank details or security information as the message would appear to be from you – all the while you could be completely unaware and locked out.
"Many people could get their WhatsApp accounts hacked this way and therefore it is vital that people implement two-factor authentication within WhatsApp. Although it is relatively unknown, this simple technique will stop this attack altogether and protect your account from being hacked."
This is particularly worrying at a time when more people than ever are staying in contact by using services such as WhatsApp. Recent reports suggest that the platform has seen a huge 40 per cent increase in usage since the Coronavirus outbreak has forced millions to stay home. The largest spike was seen in Spain, where the amount of time spent on WhatsApp rose 76 percent. The figures were published by market research firm Kantar.
Another smartphone app that has seen a monumental spike in usage following the strict lockdown procedures introduced in the UK, Europe, and United States following the novel coronavirus pandemic is Houseparty. The app, which is owned by Epic Games, allows users to drop-in and drop-out of video chats with friends and play games, including a trivia quiz and a Pictionary-style game. However, thousands of peoples are now warning of a hack in Houseparty – telling people to log out and delete the app immediately.