Use 2FA to Stop This New WhatsApp Account Attack, But Enable 2FA (Not SMS) For All Accounts That You Can
Some good advice and insight in the linked article about how this attack is perpetrated. Most social media and other accounts (Telegram, Twitter, Amazon, Facebook, Google, etc) offer 2FA or 2-step verification but few folks activate it. 2FA (Second Factor Authentication) is your guarantee that someone cannot login from a new device using just your password which they scraped off a hacked website. The same goes for password managers which have 2FA and fingerprint login so that the application stays locked unless you are using it.
So some tips are:
1. Use a proper password manager that generates unique secure passwords across all your sites.
2. Use a code based 2FA tool such as Authy. I recommend Authy as it syncs across devices (even if you lose your phone, hopefully you have also set it up on your computer).
3. Try not to use SMS based 2FA as there are too many issues with SIM swap fraud or a phone that is lost with its SIM and the SIM was not locked.
4. Never provide your password or authentication code (only valid for 60 seconds) to a third party.
5. Do it today, not tomorrow.
See Use 2FA to Stop This New WhatsApp Account Attack
A simple but noteworthy attack is making the rounds on popular chat service WhatsApp. It’s incredibly easy for someone to pull off—all they need is access to a single account that has you listed as a contact. And if you’re susceptible to a bit of social networking, said attacker can take over your WhatsApp account pretty easily.
source https://gadgeteer.co.za/use-2fa-stop-new-whatsapp-account-attack-enable-2fa-not-sms-all-accounts-you-can
Comments