The National Information Technology Development Agency (NITDA) has issued a warning about an emerging threat wherein malicious actors are strategically compromising users’ WhatsApp accounts. The method involves activating users’ accounts on alternate devices without their knowledge and convincing them to divulge the crucial activation code, posing a significant cybersecurity vulnerability.
NITDA highlighted that attackers often use social engineering tactics, such as making calls or sending convincing text messages, to trick users into disclosing the activation code sent via SMS by WhatsApp during the activation process. Once the attackers have the activation code, they can take control of the WhatsApp account, gain unauthorised access to contacts, and potentially exploit this access for fraudulent activities.
To address the escalating threat, NITDA has recommended a comprehensive set of preventive measures to enhance the security of users’ WhatsApp accounts. These measures include robust password management, reinforcing two-factor authentication, conducting regular security audits, and raising awareness about social engineering tactics used by cyber adversaries.
- Enable Two-Step Verification: Activate two-step verification in WhatsApp settings to add an extra layer of security requiring a PIN during account activation.
- Be Cautious of Unsolicited Calls or Messages: Exercise caution when receiving unsolicited calls or messages, especially those claiming to be from WhatsApp support or other seemingly genuine channels.
- Never Share Activation Codes: Keep activation codes confidential and avoid sharing them with anyone, even if they claim to be a friend or support representative.
- Double-Check the Identity of Contacts: Verify the identity of individuals seeking sensitive information or financial aid through alternative means, such as SMS or a phone call.
- Verify Messages and Calls: Confirm the authenticity of messages and calls with known contacts through alternative means.
- Review Connected Devices: Periodically review the devices connected to your WhatsApp account and log out of all sessions if any suspicious activity is detected.
Implementing these guidelines can significantly enhance the resilience of WhatsApp accounts against potential breaches and unauthorised access.