23 November 2020 Department of Computer Science , News Media , Systems & Networking , Security , Media

When a secondary school friend contacted him out of the blue a few months ago asking for a verification code on WhatsApp, administrative executive Tan Jun Heng, 25, did not suspect anything was amiss.

His friend simply claimed to have "accidentally" sent the code to his number. But within seconds of sending the code, Mr Tan was automatically locked out of his own WhatsApp account. It had been hijacked.

Mr Tan and his friends are among a growing pool of WhatsApp users who have become victims of social hacking, where scammers use already hijacked social media accounts to contact victims by posing as their friends or family.

National University of Singapore's Associate Professor Chang Ee-Chien, whose research interests include data privacy, said the impersonation tactics used by hackers are "very low-tech, but very effective, as people tend to trust their friends or family".

With full access to their victim's account, hackers may then exploit the victim's personal relationships and ask for money from friends or family. Or, if they glean enough information about their victim's place of employment, they may also target the victim's workplace, added Prof Chang. 

However, experts say, there are preventive measures that users can take to prevent such attacks.

Ms Wong and AiSP executive committee member James Tan said setting up a two-step verification process on your WhatsApp account can prevent others from signing in to it. Users should not click on suspicious looking links, even if they are purportedly from friends or family, they added.

For impersonation scams, however, "the only solution is to not trust people", said Prof Chang. He added: "It is very important that you must presume that whoever is speaking to you on the other end is not your friend."

The Straits Times, 17 November 2020

The New Paper, 17 November 2020