![whatshack welcome view only whatshack welcome view only](https://i.ebayimg.com/images/g/quMAAOSwlS1cz2R5/s-l300.png)
“It goes without saying that you should set two factor authentication up on every account that offers it,” Moore tells me, “but many users don’t see WhatsApp like other apps and hence they may forget to activate it.” You should also enter a backup email address as prompted, this will ensure you cannot be locked out of your phone if you forget your own new PIN.
Whatshack welcome view only verification#
“When you have two-step verification enabled,” WhatsApp says, “any attempt to verify your phone number must be accompanied by the six-digit PIN that you created using this feature.” Simply put-the hack will NOT work.
Whatshack welcome view only code#
Even better, your WhatsApp app will occasionally ask you to enter the code just to double-check it’s you tapping away on the keyboard. With this “ Two-Step Verification” in place, even with your SMS verification code an attacker CANNOT hijack your account. You must do this now.Ĭonfusingly, there is a different six-digit code buried in WhatsApp that you can set-up now with a number of your choice, one that won’t be known to WhatsApp or anyone else. It will take you 30-seconds and you will never have your WhatsApp account hijacked in this way. “She rightly mentioned that many people leave their phones unattended but think nothing of it, even in public places such as restaurants and bars.” “She could not believe how easy it was to take over an account and felt there should be more security in place for unsuspecting users,” Moore explains. Last month, ESET’s Jake Moore showed how easily he could hijack a colleague’s account, viewing the SMS preview of a verification code sent to their unattended phone. It doesn’t matter how this is done, the risk is the same and the fix is the same-as detailed below. The methodology has changed but the attack vector is exactly the same. As first reported by WABetaInfo following a question from a Twitter follower, it seems that attackers have taken to spoofing messages from WhatsApp itself, asking users for those codes. Obviously, the code you then receive relates to your own account not your “friends,” and by forwarding that code, you are essentially providing an attacker everything they need to hijack your account. They then send you a message along the lines of “my SMS isn’t working, WhatsApp need to send a code and can’t, so I’ve asked them to send it to you instead. What is happening behind the scenes is that an attacker has already hijacked a friend’s WhatsApp or Facebook account. Until now, the hack relied on tricking users into giving up their SMS verification codes to a supposed friend or contact.