WhatsApp and Telegram account hijacking: How to protect yourself against scams

[harlan4096]

We look into every method of hijacking WhatsApp, Telegram, and other messaging accounts – from quishing to fake gifts and viruses, and ways to protect yourself against them.
 
Cybercriminals around the world keep honing their schemes to steal accounts in WhatsApp, Telegram, and other popular messaging apps – and any of us could fall for their scams. Only by becoming a victim of such an attack can you fully appreciate how vital a tool instant messaging has become, and how diverse the damage from hacking a WhatsApp or Telegram account may be. But better not to let it come to that, and to learn to recognize key hijacking scams in order to prevent them in time.

Why hijack your WhatsApp or Telegram account?

A stolen account can be appealing because of its content, access rights, or simply the fact that it’s verified, linked to a phone number, and has a good reputation. Having stolen your Telegram or WhatsApp account, cybercriminals can use it in a variety of ways:

• To send spam and phishing messages on your behalf to all your contacts – including private channels and communities.
  
• To write sob stories to all your friends asking for money. Worse yet – to use AI to fake a voice or video message asking for help.
  
• To steal accounts from your friends and family by asking them to vote in a contest, “gifting” them a fake Telegram Premium subscription, or employing some other fraudulent scheme – of which there are many. Coming from someone the recipient knows, messages like this tend to inspire greater trust.
  
• To hijack a Telegram channel or WhatsApp community you manage.
  
• To blackmail you with the contents of your chats – especially if there’s sexting or other compromising messages.
  
• To read your chats quietly, which may have strategic value if you’re a businessman, politician, military or security officer, or civil servant.
  
• To upload a new photo to your account, change your name, and use your account for targeted scams: from flirting with crypto investors (pig butchering) to requests from the victim’s boss (boss scams).
  

Due to this variety of applications, criminals need new accounts all the time, and anyone can become a victim.

WhatsApp, Telegram, and QQ quishing

Scammers used to steal accounts by tricking people into giving them text verification codes (required to log in), or by intercepting these codes. But since this method is no longer as effective, the focus has shifted to trying to link an additional device to the victim’s account. This works best when using phishing schemes based on QR codes – known as quishing.

Attackers either put up their own ads or carefully stick malicious QR codes on top of someone else’s to overlay the legitimate code. They can also print a QR code on a flyer and drop it in a mailbox, post it on a social network or website, or simply send it by email. The pretext can be anything: an invitation to join a neighborhood chat; connect to an office, campus, or school community; download a restaurant menu or claim a discount; or view cinema showtimes or extra information on movies and other events.

Continue Reading...