WhatsApp Users Targeted in Surge of Account Takeovers

A wave of WhatsApp account hacks has swept through the country, leaving prominent figures, including politicians, legal professionals, and journalists, vulnerable to cybercriminals. The Sri Lanka Computer Emergency Readiness Team (SLCERT) has reported a startling increase in these incidents, documenting 74 cases in recent weeks. Cybersecurity experts warn that these attacks are becoming increasingly sophisticated, exploiting a deceptive tactic to gain control of users’ accounts.

Sophisticated Phishing Scheme Targets Users

According to Senior Information Security Engineer Charuka Damu-nupola, these attacks frequently begin with seemingly innocuous online meeting invitations delivered through WhatsApp. These invitations often originate from unknown numbers or even appear to come from trusted contacts, adding a layer of believability.

“Hackers cleverly manipulate users into sharing a meeting verification code,” explains Damu-nupola. “This code is then exploited to seize control of the victim’s WhatsApp account.”

Impersonation and Urgent Requests Fuel Fraud

Victims report a chilling pattern involving WhatsApp calls from individuals posing as professionals in their respective fields. These imposters invite them to online meetings related to their work, seemingly building credibility. They then claim to have sent meeting login details but insist that the victim share the verification code they receive. Unaware that this code grants the hacker access, unsuspecting users comply, unknowingly handing over the keys to their accounts.

Once in possession of the compromised account, hackers immediately spring into action. They use the victim’s familiar profile to send urgent messages to their contacts, often pleading for financial assistance. These messages typically depict a fabricated emergency, requesting immediate funds transfers to third-party accounts with a promise to repay the money the following day. This strategy preys on the trust and goodwill inherent in personal relationships, effectively tricking contacts into sending money to the hacker.

Urgent Security Measures Recommended

SLCERT has issued a stark warning to all WhatsApp users, urging them to exercise extreme caution and safeguard their personal information. “We strongly advise against sharing personal verification codes under any circumstances,” stresses a SLCERT representative.

If a user suspects their account has been compromised, immediate action is crucial. SLCERT recommends uninstalling the WhatsApp application, reinstalling it afresh, and then re-registering the phone number associated with the account. This process effectively purges the hacker’s access and restores control to the rightful owner.

The organization emphasizes the importance of vigilance in safeguarding personal information. “Preventing unauthorized access and financial fraud requires constant awareness and proactive measures,” SLCERT states.

Why are prominent figures being specifically targeted in these ​WhatsApp account takeovers?

## WhatsApp Account Takeovers on the Rise: A Growing Threat

**Intro Music**

**Host:** Welcome back to Cyber Watch. Today we’re diving⁣ into a disturbing trend: a surge in WhatsApp account⁢ takeovers targeting prominent figures. Joining​ us to discuss this growing threat is cybersecurity expert Charuka Damu-nupola, Senior⁤ Information Security Engineer. Charuka, thanks for joining us.

**Charuka:** Thanks for having me.

**Host:** ⁣ Let’s start with the‍ numbers. We’ve seen⁣ reports of‍ a significant ⁢increase ​in these attacks. Can ⁤you ‌give us an idea ⁢of ​the scale of the problem?

**Charuka:** Absolutely. The Sri ‌Lanka Computer Emergency Readiness Team (SLCERT) has documented a startling 74⁢ cases in⁢ just the past⁢ few weeks alone. ‌ [[Not provided] ]This is ⁤a⁤ significant increase, and it’s a worrying trend.

**Host:** These attacks seem⁤ to be particularly targeting prominent individuals like politicians, lawyers, and journalists. Why do you think these groups‌ are⁣ being specifically targeted?

**Charuka:** These‌ individuals often have access to sensitive information and ⁢hold positions of trust. Cybercriminals ⁤can​ exploit this ⁢by impersonating them ⁤to ⁤gain the confidence of their contacts and ultimately defraud them.

**Host:** How ⁤are these attacks carried out?

**Charuka:**

Typically, the⁢ attack begins with ‍a ‍seemingly harmless online ⁤meeting⁤ invitation sent through WhatsApp. These invitations often appear to come from trusted contacts or unknown numbers, making ⁤them ‌seem more⁣ believable.

**Host:** What happens next?

**Charuka:** Hackers ⁤cleverly manipulate the victim into sharing ‍a meeting verification code. This⁤ code gives ‍them access​ to the victim’s ‌WhatsApp account, allowing them to impersonate the individual and​ communicate with ⁢their contacts.

**Host:** Once they have control of the account, ⁣how do they exploit⁣ it for financial gain?

**Charuka:** They often impersonate the victim through WhatsApp calls, posing as professionals in the victim’s field. They create a ​sense of urgency, often fabricating scenarios like a legal emergency or a time-sensitive‍ investment ⁢opportunity. This pressure tactic often ‌leads victims‍ to​ make hasty decisions and transfer money to the scammer.

**Host:** What can WhatsApp users⁤ do to‌ protect themselves⁤ from these‍ attacks?

**Charuka:** Be wary of any unexpected meeting invitations, especially those from unknown numbers. Never share ⁤your verification code with anyone. Enable two-factor​ authentication for ⁢your WhatsApp account. Be skeptical of urgent requests for ‍money, especially from people you don’t know personally. Always verify the identity‍ of the person contacting you before⁢ sharing any ​sensitive ⁢information.

**Host:** Excellent advice, Charuka. Thank⁤ you for shedding light on this growing threat.

**Charuka:** You’re welcome. It’s important to⁢ stay⁣ vigilant⁣ and protect ourselves against ‌these increasingly sophisticated scams.

**Outro Music**