Caption for the landscape image:

When hackers take over your WhatsApp account

Scroll down to read the article

A woman checks her WhatsApp messages on a smartphone. Hackers often use stolen identity data for impersonation and spread of misinformation. Photo | Sylivia Katushabe

Ms Recheal Babirye had always been sure she knew how to manage her activity online. However, this came into question when she received a particular text message. Babirye always had WhatsApp prayers with friends, a routine that brought comfort. So, when she received a text message from a known number proposing a change about the prayer sessions, she didn’t think twice about accepting.

“I received a text message from a friend’s contact seeking permission to add me to a prayer session on Zoom. I told him it was okay as we’ve always conducted prayers on WhatsApp groups with him. He told me, he would send a link that would let me in. Later on, he tells me he will use a code, so when I receive it I should send it to him and that will be my passcode to the prayer session on Zoom,” Ms Babirye says.

Even though this procedure was not familiar, Ms Babirye did not ask any questions as she trusted the person on the other end.

She narrates: “I wondered how that would work but I was confident because I knew the number I was talking to. At 2am, he sent a WhatsApp message asking whether I had received the code, and I said no. He told me to wait a bit. ‘Let me work on it, a code will appear on your WhatsApp screen, and the moment you see it, send it to me’.”

Eventually, the said code came through.

“He asked me to send the code and I did. After a while, the pop-up message gave me two options which read ‘MOVE’ and ‘REMAIN ON PHONE’,” Ms Babirye says.

Her first instinct was to click the second option.

“So I first clicked on ‘REMAIN ON PHONE’. But he texted me back quickly saying I should press the first option of ‘MOVE’ and so I did. Just before I could make any further steps, I noticed I couldn’t get access to my WhatsApp account,” she recounts.

It was at this point that she knew her account had been taken over by another person. She reached out to her network, warning against any suspicious messages from her compromised account.

“I was quick. Looking at the society around me like school, work, church, leadership, and friends overseas, I made sure I called a contact at each of these places and asked him/her to post everywhere and inform other colleagues that my account was hacked. So the hacker wasn’t successful at stealing from any of my friends in my name,” she explains.

But the damage had already began. Through Ms Babirye’s hijacked account, the scammer targeted another friend and took over their account as well. Despite Ms Babirye’s efforts to contain the situation, some of her friends fell victim.

“Through my account, he hacked my other friend who thought she was talking to me. On this newly hacked account of my friend, he went ahead and asked for money from her contacts. Unfortunately, the contacts responded positively,” she said.

Ms Babirye later attempted to re-register her number on WhatsApp, but wasn’t able then. She was however able to regain control of her account hours later.

“I tried re-registering the contact and I failed. They claimed my number was already registered on WhatsApp. I contacted WhatsApp support via their website and reported the issue. They asked me to wait for 11 hours so that I could register again. When the hours elapsed, I re-registered my number and gained back my account,’’ she says.

Many other people have found themselves facing the same problem. Mr Chris Epila, a student, narrates how his phone, too, was hacked into. One day, he saw a link that said he could watch Netflix free of charge and without a second thought tapped on it. In about 10 minutes, he had received phone calls from his contacts saying he was sending weird links to the different WhatsApp groups he was part of. He took to YouTube to find ways of dealing with the situation but was unable to find a solution. He deactivated WhatsApp and stayed off it for a while.

Rise in crimes

Cybercrime cases like those, which Babirye and Epila have been victims of, are on the rise. According to the Uganda Police Force’s Annual Crime Report for 2022, a total of 286 cybercrime cases were reported, resulting in a financial loss of Shs19.2 billion.

The report highlighted, however, that only 45 cases were brought to court, nine cases were not pursued further, and 232 cases remained under investigation. Of the Shs19.2 billion lost to cybercrime, only Shs16.7 million was recovered.

A previous assessment by the Global Cyber Security Capacity Centre revealed that despite recognising cyber risks and threats and conducting cybercrime awareness campaigns, there is generally little to no recognition of a cybersecurity mindset within most government agencies in Uganda. The government agencies however are not the only ones that have to improve their cyber security. Individuals as well have to do so.

According to Mr Fred Drapari, the ICT executive and digital security focal person at Defenders Protection Initiative, hacking occurs because people do not understand the three pillars of digital safety: people, process, and technology.

They need to keep learning, be more aware, and work on their online behaviours.

“One might have the most secure gadget, but if they keep clicking on every link and ad they see, they are prone to hacking,” he explains.

He adds: “Someone comes to your inbox, claiming they want to add you to something and will send you a code that you have to send back. What this person is doing is installing WhatsApp on another phone and trying to access your account. When you sign into WhatsApp on a new phone, you need to verify it with a code sent to your phone. If you send this code back to them, they take over your account. You get logged out because your WhatsApp is now on another device with the verification code you sent.”

“So, users need to be cautious when someone asks them to send back a verification code. Always ask questions like, ‘What’s going on?’ or ‘Can you verify yourself?’ Sometimes, you might receive a code from an unknown number. Do not send it back. The code could be for any service, not just WhatsApp. It might be for resetting your Twitter password or accessing another online service,” he cautions.

Why you should be afraid of getting hacked

According to Mr Daniel Odaka, a technology enthusiast and Digital Channels Manager at Airtel Uganda, hackers use stolen data for financial fraud, identity theft, targeted scams, and account takeovers.

Mr Odaka explains: “They can make unauthorised purchases, drain bank accounts, or impersonate you to spread misinformation.”

This is the situation Mr Jerome Okello, a student at Makerere University found himself in. Although he did not click on any strange link, his phone was stolen while he was walking. Later, he discovered that the robbers were using it to scam his contacts.

They accessed his WhatsApp and sent messages claiming he had been in an accident and urgently needed money for medical bills, providing a different phone number for transfers. Some friends, concerned, were ready to send money, while others, suspicious, tried calling his number but got no answer. Eventually, a friend visited his home, informed him of the scam, and they alerted everyone.

For those on the other end, who receive messages asking for help from friends via WhatsApp, Drapari says they should first check thoroughly to find out if the person on the other end of the line is really who they claim to be.

“If I told you I’m sending you a code and asked you to send it back, you might trust me because you know me. But it might not be me. My account could be compromised. It’s important to call the person and verify if it’s actually them,” he advises.

Mr Odaka shares the most common methods hackers use to compromise smartphones. According to him, phishing remains a prevalent threat, where hackers use deceptive messages to trick users into clicking malicious links or downloading harmful attachments.

“Phishing messages often create a sense of urgency or fear, pressuring users to act quickly,” Odaka explains.

These malicious links or attachments can install malware, steal information, or even grant hackers remote access to devices.

Hackers often disguise malware as useful or entertaining apps, which can be found on unofficial app stores or even sneak through official ones.

Mr Odaka warns: “Once downloaded, these apps can steal your data, track your activity, or lock you out of your phone, demanding a ransom.”

He also shares that public Wi-Fi networks can be tricky to use, especially for sensitive matters.

“Though convenient, they pose risks. Hackers can set up fake hotspots or eavesdrop on unsecured connections to steal information. Avoid entering sensitive information like passwords or credit card numbers while connected to public Wi-Fi,” he shares.

Another method that hackers use, Odaka says, is SIM swapping, or SIM hijacking. This targets the weakness in two-factor authentication (2FA). Hackers trick mobile carriers into transferring a phone number to a SIM card they control, often through social engineering.

“This can lead to account takeovers and unauthorised access to personal information,” Mr Odaka notes.

How to keep safe

Drapari shares that there are policies and guidelines that people should follow. He stresses the importance of keeping gadgets up to date.

“Always update your gadgets. Manufacturers ask you to update because they have discovered loopholes,” he says.

He also advises enabling two-factor authentication (2FA).

“Now there’s two-step verification where you can create a six-digit PIN. When starting WhatsApp on another phone, even after verifying with an SMS, they will ask for this PIN, which only you know. This makes it difficult for someone to take over your account,” he says.

He also recommends practicing safe browsing habits, such as using privacy-focused web browsers, installing ad blockers, and tracking prevention extensions.

“Be cautious when visiting websites and only enter sensitive information on secure, encrypted sites,” he advises.

According to Odaka other best practices to safeguard smartphones include using strong authentication such as locking phones with a strong PIN, fingerprint, or facial recognition. He warns against easily guessable patterns or codes.

“Download apps from official stores. Pay attention to permissions requested by apps before downloading, and consider using a VPN for extra security,” he says.

He reiterates that using public Wi-Fi can increase hacking risks due to a lack of encryption and asks that people avoid sensitive transactions when using Wi-Fi.

“Don’t access bank accounts or enter passwords on public Wi-Fi. Turn off Bluetooth or AirDrop to prevent unauthorised access,” he says.

Mr Odaka says should your phone be hacked into without your immediate knowledge, some of the signs to tell that it has happened include; sluggishness or crashes or app freezes on your phone; messages, calls, or login attempts you don’t recognise; seeing apps you don’t remember downloading and having security features disabled or location sharing enabled without your knowledge.

How to respond

Mr Daniel Odaka, a technology enthusiast and Digital Channels manager at Airtel Uganda, advises  that if someone suspects their phone has been hacked, they should disconnect from networks to prevent further data transmission. Thereafter, change passwords for all accounts accessed from the phone. Go on to enable strong authentication by using a strong PIN, fingerprint scan, or facial recognition. Scan for malware using a reputable security app. Also, contact financial institutions if your financial accounts are compromised. If the issues persist, consider a factory reset. Report SIM swapping by contacting your mobile carrier to secure your account.  Mr Odaka concludes: “Users should focus on best practices, like keeping software updated and being cautious about downloads.”