Hackers have taken over the WhatsApp account of a well-known Norwegian investor and tried to gain access to several accounts belonging to his immediate family.
He does not want to be named, but Nettavisen knows his identity.
– It all started with them calling me on my number in the middle of the night with numbers from Birmingham and several different places. I was asleep, so I didn’t catch it. The next morning they start calling again. After a message had been left, I pick up the phone.
The investor does not believe that he had entered two-factor authentication in advance.
– What happens then is that I am completely banned from WhatsApp. I try to get in but they had access to the email so the code sent to me also went to them.
When he asks for a new access code from WhatsApp, the code comes from their phone number, registered in the US, and not from WhatsApp.
– When I first get a code from WhatsApp, the crooks have entered another ID, so it doesn’t match. Finally, I am told that they have used up the number of times, and that I have to wait first for one hour, then for seven. And that’s how the round dance goes.
It is possible that the hackers gained control of the email account and used it to access the WhatsApp account. The investor explains the order in which he discovered it.
also read
Norway at the top of phone fraud in the Nordics
Had to get a new SIM card
The investor then contacted his telephone operator Telenor. He had e-mail via Telenor, and therefore had to change the password on his user.
– Today I got a new SIM card. After reinstalling the app, I was able to access WhatsApp again.
He then asked if a friend could put him back into a large group. When he was added, the user with the American number appeared in the group.
– Delete me at once! he then said to the administrator of the group.
The hackers gained access to one of the family members’ accounts, but not the others they tried to access.
also read
Warning to 4.3 million Norwegians
Access to messages and photos
For the investor, the consequences are that the bad guys can gain access to messages and images that have been sent.
– It is encrypted, but as long as they have access to the account, they can read everything that is written. Fortunately, it is not such a secret that it makes a difference, he explains.
He nevertheless says that over the years there have been many messages and photos that have been exchanged.
– For some, it can be very uncomfortable.
Another consequence is that all the groups for which he is an administrator cannot be used further. The hackers have set themselves up as administrators with the American number.
– We have to create new groups.
The investor wants to come forward to warn others who believe that WhatsApp is safe and impenetrable. He has repeatedly tried to notify WhatsApp, but has only received automated responses in return.
also read
Misused images of models to lure Norwegian men: – It’s terrible
Form of ID theft
When someone “hijacks” your account it is called an “account takeover”. This means that criminals illegally gain access to these and take control of them.
– Account hijacking is a form of ID theft, and something more and more Norwegians are experiencing, says senior security advisor Thorbjørn Busch at Telenor.
He gives general advice on account hijacking, not related to the investor’s case.
– You may notice that you are exposed to account hijacking by the fact that you no longer have access to your email or profile. This happens because the criminals who have taken over the account are quick to change the password, so that they have full control.
These methods can be used by criminals to gain access to your account
– Often you don’t even notice that your account has been hijacked, especially if it’s an account you don’t use very much. It may also happen that those who have gained access to your account do not change their password, so that you will not notice this, says Busch.
How to protect yourself
In addition to the fact that you should always use passwords that are difficult to guess, there is an easy way to protect yourself: Two-step verification, also known as multi-factor authentication, 2-step verification or two-step login.
There is an additional layer of security offered by most services where you can have an account.
After this has been activated, you must have a personal one-time code, or approve by phone to get into the account.
– This means that even if your password is leaked, a stranger will not be able to use this to get into your account if they do not have access to the one-time code, says Busch.
