The Ministry of Posts and Telecommunications warned members of the public who use WhatsApp to vigilantly guard against a new trick employed by hackers that involves the use of six-digit codes sent to potential victims via the popular messaging app.
The ministry said hackers could take control of their WhatsApp account using this method and engage in activities that are detrimental to the interests of the owners of the hacked accounts.
The ministry also requested that WhatsApp users report any suspicious activity they encounter and seek technical support from the ministry’s Department of Information and Communication Technology (ITC) Security if they think they may have been hacked.
The ministry’s January 5 announcement said: “Recently, cyber-attacks via WhatsApp have been taking place at an alarming frequency. Messages hackers send to a potential victim via the app include, among others: ‘Sorry! I sent a 6- digit code to your number via SMS by mistake. Can you forward it to me? It is urgent.’
“These messages are sometimes sent from accounts belonging to friends of the intended victim who have already been hacked themselves,” the ministry warned.
To avoid being hacked, the ministry said WhatsApp users should check the content and the source of any messages sent to them and ignore any message requesting a six-digit code.
According to the ministry, if users suspect that someone they know has been hacked, they should make a voice or video call to them to check.
If the account has been compromised, then users should block it for now and the account owner should contact WhatsApp customer support, the ministry said.
“Do not forward any six-digit number messages to other users; no matter what and even if you are in daily communication with them.
“That includes six-digit numbers from WhatsApp, Telegram, Messenger, Viber, Line, or online banking apps,” the ministry said.
The ministry’s warning is due to the fact that the six-digit codes are password reset codes, two-factor authentication codes or mobile number confirmation codes.
Hackers who obtain these codes will use them to log in the potential victims’ existing account or to create a new account using their personal details.
Moses Ngeth, an independent technology security adviser, told The Post on January 6 that hackers constantly change their methods to make users fall for their tricks and the hackers then use their account access to steal money or data or documents and other private information from their victims.
“These hackers never stop looking for new ways to trick people because the method they are using now won’t work once people learn about it through others who have already fallen victim to it.
“When we are targeted by their attacks, they can then use our phone number or account or identity online to trick our friends and family too if they aren’t warned,” Moses said.
He warned users to be cautious when online, especially employees of state and private institutions or companies that use these applications in the workplace.