(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

So. I Got Hacked | Opinion | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

When it comes to sharing stories, one of the hardest tales to tell is admitting you’ve made a bad decision or when you failed. I didn’t plan on this being the subject of my column, but after posting a story on my social media and seeing the feedback, I decided this is one to be told because I need to help others from making the mistake I did.

I recently got hacked on the WhatsApp chat program. WhatsApp is a Meta-based product, part of the Facebook, Instagram, etc. app family from that company. In my quest to learn more about world culture, I befriended someone from another country, where we built a casual, friendly pen pal relationship over the course of the last year.

The friendship wasn’t anything salacious or unusual. We would talk about our days, check in on each other’s families, and share food pics. I came to value my pen pal as a friend, and the conversations were light and fun overall. But one day, we got into an argument. Again, nothing too wild, just a cultural difference of opinion which we disagreed on and got a little more heated than usual. I thought once that conversation ended, the matter was over.

My friend, however, clearly did not.

Usually when there’s a disagreement, there’s two options: Talk it out or walk away. My now former contact chose a third unexpected option: Hack my WhatsApp account.

If you don’t want to read the full story account, I’ll just summarize it here. If you have a WhatsApp account, delete it now. It’s comically easy to hack and exploit, and the app’s technical support service will do nothing to protect you.

Did you know you can log in on WhatsApp as yourself on multiple devices at once? So can other people. Your login on WhatsApp is your phone number. That’s it. No password. Yes, there is a verification code needed to authenticate the account, but you can have that code easily redirected to another phone. When I say “easily,” I mean that. From what I can tell, I got hacked in my sleep, because a person can set up for you and redirect the activation code sent to voicemail so they get it and not you. You’ll never know it happened until it’s too late.

With a little bit of work, no real technical skill, and a few minutes, you can have two accounts on two phones, set up by having two phones. Both accounts act exactly as you, and you’ll never really see the difference.

Not really, anyway. Things I noticed were people having access to chat information they should not be able to be aware of. I was sending messages directly to just myself in a private chat occupied by no one but me, and that’s how I caught them the first time. They answered a question I sent just and only to myself.

There’s a few minutes delay between things, so you may not instantly see what they’ve done. They can send messages as you and delete them, so you’ll never know they happened. They can access and harass your contact list. And finally, they can use their version of “you” to call themselves, pick up, and it activates your real account, so they can listen in to you in the background. You’ll never know, because they can call and answer both so fast, you’ll never know an active call is taking place unless you happen to be looking. And the call log won’t show up until several minutes later.

But you’ll hear the voices.

They hang out right alongside you, because they’re also you. My hacker was stupid because they thought it was fun to chime in on conversations, which made it easier to detect how far they were in my account. They were listening. And trying to see, had I not put tape over my camera. They were trying to call me and record me.

I contacted WhatsApp support, and they couldn’t see anything wrong, because it’s not another device logged or linked into your account, the hacker is acting as you. They don’t need other devices, because they can one hundred percent act as you, and it’s so good it can fool WhatsApp. I tried in-app support, and I realized the hacker ended that support ticket, having “resolved” the issue.

For two weeks, it felt like a poltergeist had infested my phone, and I couldn’t kick them out, because WhatsApp doesn’t really have a log out feature, either.

It gets worse. Here’s where I decided to spray sewage on the on-fire wrecking ball in an attempt to make it stop.

On Reddit, I saw a comment about “Contact this guy to get your account back from hackers.” I ordinarily would never reach out to services like this, but after two weeks of my phone lighting up like a carnival ride and WhatsApp giving me the equivalent of the “shrug” emoji and a link to a generic FAQ when I asked for help, I got more desperate than I usually would.

Google “Account Recovery Specialists.” I wish I had. It’s a scam. A Nigerian one, at that. After paying an upfront fee, additional service and software costs kept getting added to my bill. Pay services like PayPal and CashApp were rejecting the transfers. The guy did get a little money from me, but at the end, he tried to slap an additional $419 on my charges without verification he actually did anything (no screenshots, no visible changes to my phone’s service, no proof the hacker was out, etc.), I said “Enough” and refused.

The scammer went between a cross of sugar sweet to threats he was “going to destroy my life,” with plans to go after everything I own past WhatsApp. I deleted WhatsApp and the email I used, deactivated the one social media site he knew of, and went to the Corsicana Police Department. Upon recommendation, I also bought an iPhone, as they have a reputation of being more secure than an Android phone.

So after a purging of the old phone, and securing a new phone, the voices have stopped. I can use my phone normally again.

Having been cut off from everything else except my cell phone (which again, is your WhatsApp login), I’ve gotten a few desperate “let’s talk buddy so I don’t have to hurt you” texts and an unknown phone call or two. But I’ve locked my phone down hard, and I’ve ghosted “Joseph/Yazeed” harder than the main speaker at a paranormal convention.

As of today, the voices have stopped (so far). While it looks like I’ll get most of the money I did spend back, I’ve resigned myself to understanding I’ve stimulated Nigeria’s economy.

I shared my experience on my own Facebook, and after some prompting, I’m sharing my experience here. A friend copied and pasted my story to share on her own timeline, and within a few hours, her public comments section was flooded with nearly 30 suggestions for “account recovery specialists” offering to fix the account, all using key phrases my original guy did. These “specialists” are a new predatory trend you need to watch out for, and yes, “Nigerian scams” are real. Look for the “234” Nigerian country code.

My advice? Delete WhatsApp off your phone. Between it’s almost non-existent security protocols and lack of detailed support from WhatsApp itself, you’re on your own, and you can’t log the hacker out. Even if you can, there’s nothing stopping them from easily repeating the process. I NEVER would have contacted anyone for outside help had WhatsApp taken me seriously and done something.

Your kids may fuss about losing the app on their phone, but this is a “tragedy” that will easily be forgotten in their long lives. I assure you, your kids will find the strength to move on.

Regardless of a year and needless to say, the friendship with my pen pal has run out of ink, and I don’t care to ever refill it again.


Click Here For The Original Story From This Source.

National Cyber Security