Motorists are urged to take alternative streets
uae10 hours ago
In the last week of December last year, Megha Vrinda Gupta, a Dubai resident, received a message from her colleague on her WhatsApp.
Usual pleasantries aside, the message asked for a one-time password (OTP) number that the colleague had ‘inadvertently’ sent to Megha’s number.
“Because it was a colleague who had used my phone before, I did not think much of it,” recalls Megha, who is a doctor.
Megha ended up responding to the message and sharing the code she’d received. For two days, nothing happened.
On the third day, the WhatsApp app on her mobile had not only been blocked, her contacts also began receiving the same message that she’d responded to. At least three of them replied and found their accounts hacked. It wasn’t until WhatsApp sent her a verification code hours later, following which she activated the two-step verification, that her account was restored.
Many UAE residents are falling prey to phishing attacks.
WhatsApp phishing, in general, has been on the rise ever since the pandemic began. But why WhatsApp? “Every single platform that is available today has certain characteristics that attackers latch onto when designing phishing campaigns. The process of phishing on WhatsApp is similar to that of other phishing schemes where a message is sent to the receiver requiring a certain action (for example, clicking on a link),” says Nicolai Solling, Chief Technology Officer (CTO), Help AG (Etisalat Digital Security).
“Phishing is an interesting cyber security threat because it relies on exploiting basic human behavioural tendencies in order to achieve the action from the target. For example, many schemes will start by telling the user something has happened to them (credit card being abused, for example) and will impersonate an entity they trust (such as a central bank) pretending to be helping them to solve the problem. Another strategy is to exploit people’s hopeful nature by informing them that they have won something (such as a lottery) and asking them to take an action to receive their prize. If we’re looking into enterprise-focused attacks, it could be around tricking people to give away their username and password, which can be utilised by the attacker, to gain access into an organisation’s email system, or other private systems.”
Maher Yamout, Kaspersky’s senior security researcher of Global Research and Analysis Team, says with businesses increasingly moving to WhatsApp and even banks using it, the application (app) has become an attractive target for hackers. But with the app being end-to-end encrypted, it shouldn’t be easy to hack into? “Generally, they’re not trying to hack the encryption. They’re trying to take over the WhatsApp number and connect with people,” he says. “They’re not interested in the content of messages, they’re likely to reach out to people and persuade them to give money.”
In many such phishing cases, the first point of target is a WhatsApp group. The rationale, says Haider Pasha, Chief Security Officer (CSO) at Palo Alto Networks, Middle East and Africa (MEA), is that besides helping scale their phishing or spam messages, WhatsApp groups can give attackers visibility into the phone numbers of all the members. “Once the message is received and the new victim account is hijacked, attackers now have visibility into any groups the new victim is a part of and the attack begins to a new set of targets,” he says.
Being connected with other social media apps means that access can be compromised too.
Almost all the experts Khaleej Times spoke to suggest that linking messaging apps with social media accounts means that the latter can also be used for phishing attacks. “For example, WhatsApp is owned and can be linked with Facebook so an account breach of one service, could potentially compromise the other. A general best practice is to use two-factor authentication and set different passwords for each account, using a trusted strong-password generation tool to manage your passwords,” says Pasha.
How to safeguard your WhatsApp:
Don’t share any personal information if your app-based messaging service is asking you
Don’t trust a link you didn't ask for, even if it's coming from a trusted source
Never share your six-digit code verification code with anyone, even if you think it's for a different account
Enable 'Two-step verification' pin in WhatsApp
Beware of social engineering messages from unknown sources making you feel rushed or emotional
Block users who send you spam or hoax messages and report them to WhatsApp within the app
If your account has been breached, follow these steps:
Reinstall WhatsApp immediately and get a new verification code
Set up the six-digit pin on your account
Change your Facebook password
Set up two-factor authentication on Facebook
— Courtesy Haider Pasha, CSO, Palo Alto Networks, MEA
Motorists are urged to take alternative streets
uae10 hours ago
UAE’s Alblooshi and Sood in pursuit of Female Division leader Duangsam at RAK’s Al Hamra Golf Club, RAK
sports11 hours ago
The emirate has been working on a comprehensive plan to replace overhead lines in the Central Region with underground cables
uae11 hours ago
The announcement comes soon after holidays were declared for the UAE ministries, federal entities, and employees in the private sector
uae12 hours ago
Winners of the annual Emirates Labour Market Award spoke about how they plan to use the money to build their dream houses, start businesses
uae12 hours ago
10 lucky fans will have the once-in-a-lifetime chance to meet the eight-division world champion
uae attractions13 hours ago
ASAS 2024 brought together over 1,000 young talents from 50 nationalities under the theme 'Art and Innovation'
kt network13 hours ago
While President-elect Trump's administration originally filed the search case against Google during his first term, he indicated he might not break up the company
tech14 hours ago