Tech: WhatsApp Safety

WhatsApp is a common SMS-based tool that many people around the world use, often for intercontinental messaging, among other reasons.

Unfortunately, it is not a good option for many reasons beyond Facebook’s recent purchase of the app and all user data.

Goodbye any perceived privacy!

WhatsApp is also commonly used by catphishers or social engineers to gather information about a target, or about others close to a target, in the hope of compromising someone in an unexpected way.

How do you prevent giving others access to your account?

There are a few important tips.

#1 Never give an authorization code back to someone.

This goes beyond just WhatsApp: if someone messages you on WhatsApp or by text on your phone, asking for a random number you also received, don’t send it. It could be a code that permits them to log in to your account.

#2 Never click URLs in messages.

Obviously you might do this for a close friend, but a link from anyone you don’t trust, or don’t physically know, always demands caution.

It is also very easy for a friend to get compromised in WhatsApp and then immediately send you a malicious link that you might believe is a simple meme or video!

Any suspicious URL should be considered malicious: a possible attempt to hijack your account and, worse, to go on to hijack the accounts of your friends and family.

What the Facebook takeover means:

While Facebook absorbing WhatsApp may indeed make it more secure for login*, that also brings in a new concern for privacy and account suspension.

If Facebook now controls your WhatsApp account, and you use your Facebook login to access WhatsApp, being banned from Facebook in the future** may also wipe out your ability to contact those you know in WhatsApp.

*If they do away with allowing a phone number and simple text (or QR code) to access an account.

** Depending on how you log in. Facebook Login being disabled will lock out any attached 3rd-party accounts. However, as recently happened with Parler and various individuals, the fact that Facebook has access to your WhatsApp could mean they deny your business based on other histories, blocking access without warning.

The Rundown

The concerning thing about WhatsApp is that if a scammer gets access to the account, they get your full contact list from your phone, not just your WhatsApp contacts.

This is a serious problem with any app that allows login via phone number and also has a contact list.

For example, say someone is social engineered or clicks a malicious URL in a WhatsApp message. They may then have compromised their own account.

Once an actor gets access, they can very quickly download all existing contact and message history from a PC.

It gets worse… the attacker then knows the victim is unfamiliar with attacks like this, making it likely that close friends are also easily compromised.

The attacker also now has a list of numbers and potentially other information, including full SMS conversation and calling history.

They can use this to bypass Multi-Factor Authentication with a few basic social engineering methods.

If someone is compromised, they have mere minutes to prevent all of their contacts and data being extracted.

Unlike some apps… WhatsApp requires you to sync phone contact data.

How to handle a theft scenario per WhatsApp:

