That there is a surge of incidents of mobile phone hacking is not surprising, according to cyber security engineers.
WhatsApp is the most widely used messaging platform, and it has become a prime target for hackers. Software engineer and cybersecurity expert Anselm Muchura advises users to make use of the security features and avoid clicking on suspicious links.
In May 2019, WhatsApp admitted to intercepting and stopping “a highly sophisticated cyber-attack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users.”
The nature of the attack did not require targeted users to answer the calls they received, WhatsApp said in an FAQ blog post, adding that it “added new protections to our systems and issued an update to WhatsApp to help keep people safe.”
Yet experts say panicky friends still reach out to them for advice after hackers take control of their WhatsApp accounts. Usually, the fraudsters either take full control of the account, or are able to access only the contact lists. In both cases suspected fraudsters send out messages —mostly asking for money.
“This is not a new phenomenon, only a different way of carrying out attacks due to the wide usage of mobile devices,” cyber security and data privacy Consultant Oscar Okwero says.
The hackers gain control of their victim’s phone mostly through social engineering and phishing through sharing malware-laden pictures, videos, and links. When the user clicks on these, the malware establishes access to the device back to a control server from which other commands are issued, Mr Okwero explains.
Hacking, which is a form of cybercrime, is when one gains unauthorised access to someone else’s device, lawyer Morara Omoke explains.
Kenya has a Computer Misuse and Cybercrimes Act of 2018 and data protection laws which provide guidelines to prevent misuse of electronic gadgets.
“Cybercrime seems to take a criminal approach. Then there is the Data Protection Act that seems to offer non-criminal remedies,” lawyer Motara Omoke explains, adding that the implementation of these laws remains a challenge.
But how should one protect their accounts from hacking?
“Always backup your sensitive documents so that if you lose full access to one account, you can still recover it. Do not save your passwords on devices, and change them frequently,” cybersecurity and data protection consultant Oscar Okwero advises. “Have separate work and social media emails, do not click on links sent by mail, and do not use public Wi-Fi to send sensitive information.”
The most common socially engineered attacks are online baits through promos and advertisements offering gifts, free music or movie downloads then asking for the individual’s WhatsApp contact. Some also send links and codes that makes the account vulnerable once clicked on.
To recover your account from hackers, you will have to log in to your WhatsApp again to automatically log out the hacker, the cyber security experts say.
“If the hacker activates two-factor authentication before you log back in, then you have seven days to recover your account. If you lose access to the account, delete it to keep fraudsters from gaining access,” Mr Muchura said.
“Avoid using clone apps or apps with unknown sources, do not share any personal information, especially identification details, log out of WhatsApp Web from your browser, and avoid suspicious links,” he said.
Signs that your WhatsApp account is hacked
If you start receiving messages from unknown individuals, according to Muchura, it is a strong indication that someone else has control of your WhatsApp account.
“You should review your contact list to identify any unknown individuals who may have been added.”
If you notice any changes to your WhatsApp profile details, chances are someone else accessed your WhatsApp. Similarly, if you notice unfamiliar devices or active WhatsApp web sessions on an unknown device on your WhatsApp app, then your account has been hacked.
If you encounter a message reading, “This phone could not be verified," it means your WhatsApp has been accessed by an unknown device.