WhatsApp is the most popular chat application worldwide. Users of the Facebook-owned application have reported their accounts being hijacked by hackers. If you belong to several WhatsApp groups like I do, then you may have come across annoying World Remit scam posts asking people to send an amount of money in order to receive double or quadruple the amount.
These scam posts caught my attention here at Mickinet Systems when trusted and reputable people posted these Ponzi schemes directly from their WhatsApp accounts. So I decided to investigate, only to realize their accounts had been hacked.
How they hack your WhatsApp account
In order to register or log in to a WhatsApp account, you need to request a One Time Pin (OTP) from WhatsApp by entering your number and submitting the request. You will not be able to gain access to your account without the OTP.
Since the hacker doesn't have your SIM card, they will not be able to get the OTP. What they normally do is call you and trick you into providing the OTP.
“I got a call one day and the person identified himself as one of the admins of my WhatsApp group. He told me due to the posting of unnecessary and scam messages, the admins are creating a secure group that will only be accessed by a password.
Then he told me he is sending my password to me via SMS so I should verify my identity by providing the password when I receive it. I ignorantly did as he said and that was the end of my WhatsApp account.
I tried to re-register or log in with my account, but my number was changed by the hacker, so that was it.”
Narration by a victim
How to protect your WhatsApp from being hacked
To begin with, do not disclose your OTP to anyone, no matter the circumstances. Secondly, it is very important to turn on two-step verification, which is an additional layer of security for your account. It lets you set another PIN, which you will have to enter anytime you log in to your account.
So even if the hacker gains your OTP through some other means, he or she will not be able to gain access to your account.