Social media usage has ballooned over the past month as billions have been forced into their homes by the COVID-19 pandemic. With the desire to communicate now only feasible through calls and texts, messenger apps, including Facebook-owned Whatsapp, have particularly seen a spike in users. According to TechCrunch, the said platform experienced the largest gain in usage over March with 41% from its initial 27%.
Unfortunately, this growth in users has also signalled the return of a security breach scam, which, according to Forbes.com, has been going around Whatsapp for over a year now. To make matters worse, the whole thing operates on a simple hijacking tactic that’s easy to fall for.
As we all know, signing up for Whatsapp entails that we enter our phone numbers. The app will then send a one-time verification code via SMS, which users have to enter to prove that the inputted number is indeed theirs. For the hack to work, hijackers make use of an already compromised account to message a friend of the new victim. Forbes explains, “In their message, the attacker tells the victim’s friend they are having issues receiving a six-digit code, and so had it sent to their friend instead—please send it back. That six-digit code is the WhatsApp verification code for the new victim—by sending it to their friend they are really sending it to the attacker.”
With this in mind, users are being urged to set up a “Two-Step Verification” lock to avoid a security breach. Common sense would tell you to verify with your friend first and not send the six-digit code, but we’re always better safe than sorry.
How this works is that you’ll get to set up your own PIN, which Whastapp will then ask for at random occasions to continuously ensure that you’re still the rightful user of the account. Additionally, you’ll also need to enter the PIN for when you change your mobile phone.
To set it up, simply proceed to your Whatsapp settings, click Account, and choose the two-step verification to enter your PIN, and email address for added security. As explained by Whatsapp, “When you have two-step verification enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit PIN that you created using this feature.” This effectively works as a double lock to keep hackers out.