Towards the 2nd half of 2020, with many of us relying on digital means for work and personal communications, we saw a spike in hijacking of accounts in popular instant messaging (IM) platforms, such as WhatsApp.
Registration of your mobile number on all instant messaging platforms requires sending of one-time password (OTP) to your mobile number and submission of the OTP back to the platform.
Capitalising on this mandatory step and through social engineering techniques, attackers tricked the real IM account owners to forward the OTPs to the attackers, resulting in transfer of the compromised IM accounts to the attackers’ mobile phones.
Though we cannot prevent attackers from performing social engineering attacks on us, there is however a simple step that we can take to better protect ourselves. That is to turn on two-step verification, PIN protection or Registration Lock of your IM account.
Similar to our ATM PIN, we should never ever hand over this secret PIN to any external party, even to someone close to us as their identity may have been spoofed.
In this article, we are going to share how you can secure popular IM clients - Whatsapp, Telegram and Signal.
For iPhone and Android users, go to Settings > Account > Two-Step Verification and turn it on.
For iPhone and Android users, go to Settings > Privacy and Security > Two-Step Verification and turn it on.
In addition, you should enable Passcode Lock to ensure that no one who has access to your mobile phone can read your Telegram messages without the Passcode.
For iPhone and Android users, go to Settings > Privacy > Registration Lock and turn it on.
Once the above security controls are enabled, do remember never to share your secret IM PIN with anyone else.
Stay safe and secure in 2021!