Digital security threats are becoming more sophisticated, leaving users vulnerable to hacking attempts.

Recently, Shantanu Gupta, a well-known author and political analyst, fell victim to a WhatsApp hacking scam during a routine train journey.

His experience highlights the growing risks of cyber fraud and the lack of adequate security measures from both WhatsApp and telecom providers.

Gupta noticed something unusual around 10 AM, his WhatsApp started logging in and out repeatedly.

Suddenly, he was logged out completely, indicating an attempt to access his account from another device. After multiple failed login attempts, WhatsApp restricted access for four hours, allowing the hacker to take control.

The attack was surprisingly simple. The hacker forwarded Gupta’s calls to their own device, intercepting the voice OTP needed to activate WhatsApp on another phone.

Shockingly, his network provider allowed this redirection without any verification or warning SMS.

As soon as the hackers gained access, they messaged Gupta’s contacts, including his wife, friends, and family, demanding money.

Flooded with concerned calls, he quickly used social media to warn everyone about the hack. Although Noida police helped him recover the account within hours, the stress and reputational damage had already taken a toll.

Furious with Meta and Airtel, Gupta criticized WhatsApp for failing to detect such suspicious activity.

He also highlighted the absence of direct customer support from Meta, unlike banks that offer instant fraud assistance.

Another victim has faced an ongoing hacking issue. Every night, someone takes control of his WhatsApp account, creates unknown groups, and disappears by morning.

Even after enabling two-factor authentication, the problem persists. Frustrated, he has decided to file a police complaint.

Cybersecurity experts warn that hackers use social engineering, technical exploits, and SIM-based attacks to hijack WhatsApp accounts.

Some common methods include:

• OTP Phishing: Scammers impersonate trusted contacts or WhatsApp support, tricking users into sharing their six-digit verification code.
• SIM Swapping: Attackers obtain a duplicate SIM card, allowing them to take over a victim’s number and WhatsApp account.
• WhatsApp Web Hijacking: Brief access to a phone lets hackers link WhatsApp Web, maintaining remote control.
• Call Merging Scam: Hackers trick users into merging a call, allowing them to eavesdrop on WhatsApp’s automated OTP verification.

To safeguard against such attacks, experts advise enabling two-factor authentication and, for iPhone users, activating ‘lockdown mode’ to prevent unauthorized device linking.

Additionally, never share OTPs, avoid call merging requests, and regularly check linked devices for suspicious activity.

With cyber threats escalating, WhatsApp and telecom providers must implement stronger security measures to prevent such breaches.

Image by Neeclick from Pixahive (Free for commercial use / CC0 Public Domain)

Image Published on October 08, 2020

Image Reference: https://pixahive.com/photo/whatsapp/