Cybersecurity Tip of the Month: Securing Your Instant Messaging Accounts

Towards the 2nd half of 2020, with many of us relying on digital means for work and personal communications, we saw a spike in hijacking of accounts in popular instant messaging (IM) platforms, such as WhatsApp.

Registration of your mobile number on all instant messaging platforms requires sending of one-time password (OTP) to your mobile number and submission of the OTP back to the platform.

Capitalising on this mandatory step and through social engineering techniques, attackers tricked the real IM account owners to forward the OTPs to the attackers, resulting in transfer of the compromised IM accounts to the attackers’ mobile phones.

Though we cannot prevent attackers from performing social engineering attacks on us, there is however a simple step that we can take to better protect ourselves. That is to turn on two-step verification, PIN protection or Registration Lock of your IM account.

Similar to our ATM PIN, we should never ever hand over this secret PIN to any external party, even to someone close to us as their identity may have been spoofed.

In this article, we are going to share how you can secure popular IM clients - Whatsapp, Telegram and Signal.


For iPhone and Android users, go to Settings > Account > Two-Step Verification and turn it on.

WhatsApp on iOS
WhatsApp on Android


For iPhone and Android users, go to Settings > Privacy and Security > Two-Step Verification and turn it on.

In addition, you should enable Passcode Lock to ensure that no one who has access to your mobile phone can read your Telegram messages without the Passcode.

Telegram on iOS
Telegram on Android


For iPhone and Android users, go to Settings > Privacy > Registration Lock and turn it on.

Signal on iOS
Signal on Android

Once the above security controls are enabled, do remember never to share your secret IM PIN with anyone else.

Stay safe and secure in 2021!

98 views0 comments
Member of Rajah & Tann Technologies Group
We are registered in Singapore as an Exempt Private Company Limited by Shares (UEN 202021677N)
Rajah & Tann Cybersecurity Pte Ltd is not a law practice

©2020 by Rajah & Tann Cybersecurity Pte Ltd