Today, the Lebanese woke up to the news of piracy campaigns targeting a large group of citizens. In this context, text messages were sent to a group of citizens on their phones, originating from social media applications, and containing codes used in the “Two-Step Verification” feature, without them registering their numbers. This is not the first time that citizens face attempts to hack their social media accounts, and it will not be considered the last time. To delve into the topic further, we should discuss the method hackers use to hack your accounts.
In order to be able to understand how the hacking process is done, we need to define 2-Step Verification. This feature includes two authentication methods that are performed one after the other, to verify that the person trying to access an account is the same owner. This feature adds an additional layer of security to the accounts, as in addition to his username and password, he will have to enter a code that the app sends via text message when logging in.
How do hackers use this feature to hack your accounts?
In order to be able to understand the method that hackers use to hack your accounts, we will take a specific application as an example, and this method is usually applied to all social media. If we take the “WhatsApp” application, then when you download the application on the phone for the first time, the application asks you to enter your phone number in order to send a text message containing a code, to enter it in the application, and thus you can access your “WhatsApp” account.
And the hackers abuse this method, so they download the “WhatsApp” application on their personal phones, and enter the victim’s phone number, and thus he will receive a text message containing a code from the application, then the hacker communicates with the victim via “WhatsApp” impersonating the application, and puts the image of the application as a picture Personal, and often communicates from an external number, then he sends a message whose content differs, and we will discuss several examples of this case:
1. The hacker sends a message saying: “Hi dear user, WhatsApp support team recently noticed suspicious traffic on your account. That’s why we assume that this number is not your phone number. Please send the five-digit code sent to you to confirm your identity and to make sure Make sure this is your phone number. If you don’t send the code, we’ll have to block your account.”
2. The technical support team for the “WhatsApp” application would like to inform you that your “WhatsApp” account has been requested on a new device, to confirm the process, send *Yes*, if it is not you, then answer *No*, and if you do not send us the response immediately Your account will be deleted. We will send you a 6-digit code to confirm the legitimacy of your account. We are waiting for your verification code.
Hackers may sometimes resort to other methods, as they talk to the victim, claiming that they have sent her the code by mistake. They ask the victim if she can send the code.
How does this process work and how can we protect ourselves:
Cybersecurity expert Roland Abi Negm told An-Nahar that this phenomenon usually occurs using robots that randomly generate numbers. Therefore, many messages containing emoticons from applications reach users.
However, this does not exclude the possibility of anyone carrying out this process to target specific people.
Abi Negm added, “The process of sending messages that contain codes in itself is not a dangerous process, and at the same time we cannot control it. Anyone who owns our number can carry out this process.”
He explains that “the only way to protect ourselves from hacking is not to share these codes with anyone or any entity whatsoever. And everyone should have a zero-trust mentality when it comes to personal accounts. For example, if you trust someone, you cannot trust their digital accounts.” We cannot know whether his accounts were hacked or not.
How do we check if our WhatsApp account has been hacked?
Check your application activity. When you open the app, you will first see the list of messages. Check these messages for any conversations you didn’t have from people you don’t know.
Check your contacts. and outgoing or received calls, and also make sure that no new, unknown contacts appear in the list.
Check out the latest chat sessions. View the last session or any open session by clicking on the menu icon (three dots).
Select the Connected devices option.
Check the “Last Activity” list for any unknown devices.
If you find an unknown device, tap on it and select Sign out.
For his part, Jad Shahrour, the media official at the Center for the Defense of Media and Cultural Freedom, says, “This is not the first time that the Lebanese have been subjected to a hacking operation on their electronic devices.” He stresses “the seriousness of this type of targeting due to the lack of awareness regarding the protection of their personal data, and in the absence of targeted mechanisms and laws to protect citizens’ personal data.”
This phenomenon is global and not limited to Lebanon, and includes most applications, not just WhatsApp. It is unlikely that we will witness the disappearance of cyber security attacks, so awareness remains necessary to protect our data from being hacked.
