The WhatsApp Take Over Issue — It has started…

Rushi Mehta
3 min readDec 12, 2021

--

What if your WhatApp goes in hands of Someone?

WhatsApp has undoubtedly become an integral part of human life. More than 50 Crores users in India use WhatsApp. Owing to this popularity, ‘Desi’ Cyber Criminals have found out a way to loot people by taking over WhatsApp Accounts of victims.

WhatsApp Installation & Verification:

WhatsApp installation requires Six-digit verification code that is sent on your phone via SMS or Call.

OTP is stolen using SMS, Call, SMS Forwarder or Remote Access App.

Both methods of activation are innovatively used to take-over WhatsApp accounts

· Mode: Social Engineering over Call.

· Motive: Mostly Money.

1. Call based WhatsApp account take over: OTP over call

· Victim gets a call from an unknown number (fraudster) on interesting topic (Vaccine Feedback, WhatsApp support, Survey etc.)

· Parallelly, fraudster will initiate WhatsApp registration process of target number.

· Call based WhatsApp activation option will be selected and victim will be asked to merge the call stating some logical reason.

· Victim merges call, which is verification call from WhatsApp that has OTP.

· Fraudster enters the OTP and activates the account and victim gets logged off.

2. SMS based take over

Classic method of fraud. Victim is called and asked for OTP stating any random reasons. Unaware victim shares OTP which is WhatsApp activation OTP and this account gets compromised.

Extra smart criminals will then exhaust the limit of entering OTP so your account is freezed for some time (typically 12–24 hours ) for registration on any other device. This means, you will not get your account back for 12 hours.

Time is Money as they say. Cyber Criminals will get 12 hours now to use your account.

Temporary Lockout of your WhatsApp account.

What can they do after getting your WhatsApp?

1. Financial Fraud: Message all groups and contacts “I am hospitalized, I need money. Please transfer to my account”

2. Extortion: Use your personal photos to Blackmail — Extortion.

3. Defamation: Post status/messages that may defame you and your image.

4. Connected Account compromise: WhatsApp based activation service can be opted and used.

5. Account Deactivation request via email to WhatsApp’s deactivation Email ID.

What they cannot?

WhatsApp payment cannot be used as SIM is mandatory for registration of UPI service.

Incident Response: What to do if your WhatsApp is taken over?

1. Re-Activate your WhatsApp on your device and log off from all active devices.

2. Many a times, you will not be able to log-in as they could exhaust your login attempts purposefully. In that case:

a. Call & SMS your relatives and group members stating your account is hacked and do not respond to any request.

3. Report any financial loss by calling 155260 helpline and subsequently complete details on www.cybercrime.gov.in (Report Other Crimes)

4. Read WhatsApp guidelines for further protection https://faq.whatsapp.com/general/account-and-profile/stolen-accounts

5. Follow @CyberDost handle of Indian Cyber Crime Coordination Center, MHA for staying up-to-date on security of digital space.

Facebook: https://www.facebook.com/CyberDostI4C

Telegram: https://t.me/cyberdosti4c

Instagram: https://www.instagram.com/CyberDostI4C

Twitter: https://www.twitter.com/CyberDost

International Incidents:

Indian tricksters learn from International incidents, advisories, news reports. Other countries too have similar incidents.

New Warning For WhatsApp Users Over Account Suspension ‘Hack’ (forbes.com)

New Variants Of Scam Involving Takeover Of WhatsApp Accounts (police.gov.sg)

--

--

Rushi Mehta
Rushi Mehta

Written by Rushi Mehta

Cyber Security & Fintech Risk Enthusiast, Trekker, Meditator and Contributor!

No responses yet