How phone hackers took control of my WhatsApp

It started on Friday, August 25, with a phone call from a man who claimed we belonged to the same WhatsApp group. The chat group membership contains credible names, including ordained priests. I told him I was in a meeting but would call him later.

When he called again early afternoon asking if we could now talk, I agreed. He asked if I had seen ‘the code’, and without a thought, I checked my phone, saw the code and clicked on it. And that was when the rain started beating me. I had travelled by bus for more than 48 hours and my level of alertness was at its lowest.

The fraudster took full control of my WhatsApp account. My daughter called soon after and asked, “Mum, are you OK?” I said ‘Yes’. She asked if I had sent her a message. I said no. The conversation ended there. Shortly after, a friend from a professional editors’ group called to ask me why I was sending out so many messages.

Then my Kianda host called. By that time, I had reached the Nation Centre. I told an acquaintance that it seemed my phone had been hacked. He advised me to shut WhatsApp and reopen after an hour.

Later that evening, my morning host at Kianda called to ask if I had received the money. “Which money?” I asked. She said I had requested her for Sh4,000. Sensing danger, I asked her for transaction details. She initially declined to give me the details, explaining that if it was a fraud, the con man would probably see the message and inflict further damage on us. I later got the details through a mutual friend.

My daughter, who has an IT degree, noted that my line was still active. She helped me reach out to WhatsApp. However, when she told me to expect a new code, I was quite sleepy. It was Saturday, the third night without proper sleep. ‘Let’s deal with it in the morning,’ I said. Little did I know I was making a bad case worse.

When she requested a new code from WhatsApp after I woke up, the message was terse: I had made too many guesses and would now have to wait for a further nine hours. Nine hours morphed to three days, and the staff at the Safaricom shop at Sarit Centre, who was helping me, on September 1 at 5.03pm told me that I needed to provide the previous code — which I don’t remember having.

The young woman advised that I don’t visit the shop until I receive communication from WhatsApp. I’m still waiting for Godot at the time of filing this story. Safaricom faults WhatsApp for not having a service centre in Nairobi, hampering rapid response to their hacked customers.

Amid all this, requests for money by the fraudster from numbers in my phonebook were pouring in fast and furious, even as I sent out warning text messages. The texting process was torturous until a son assisted me to use a bulk short message service (SMS) to reach out to all my Google-saved contacts. At Sh1,060, it was expensive — but it did the trick because the last activity on my stolen WhatsApp account was sighted in the wee hours of August 31.

My contacts lost at least Sh17,000. The saddest and most traumatic for me was Sh8,000, which I had ostensibly asked from a former colleague. I was hysterical, more so when I couldn’t reach him to tell him to reverse the transaction immediately. I wept. Then I called an editor friend at NMG and asked her if she could send emails through the editorial group to put my former colleagues on the alert. She did.

Meanwhile, Safaricom, through whose clients’ M-Pesa accounts the theft was happening, advised that I report to police. I didn’t do so immediately since work was piling up on my desk and I thought to postpone my visit to police… until a third victim was hit—a friend of my son. He lost Sh5,000. Coincidentally, as soon as he sent the cash, the con man asked for more — “Add Sh12,000!”

I felt I should refund the stolen money, but they all declined. One said two of his friends lost Sh50,000 and Sh80,000 recently, meaning that such fraud is rampant.

The stolen money went to a Kigen (Sh5,000), Waliaula (Sh8,000) and Nyaga (Sh5,000). I use one name because the real account owners could be innocent.

A fraudster is single-minded and won’t deviate from his sole agenda: to fleece you. The nearest miss was a sister, who had no money in M-Pesa. She was pained at being unable to help me — until she learned the truth. “Thank God I had no money. I’d have lost it.”

The greatest damage I suffered was being treated suspiciously. Although Safaricom said it was safe to use another line for WhatsApp, which I have done, it took quite long for some groups to readmit me for safety reasons. Some are yet to readmit me. In the meantime, I am yet to regain control of my old WhatsApp account.

