Hackers took over the WhatsApp account of a well-known Norwegian investor and tried to access several accounts belonging to his immediate family.
He does not want to reveal his name, but Netavizn knows his identity.
It all started with people calling me on my phone in the middle of the night with numbers from Birmingham and many different places. I was asleep, so I didn’t catch her. The next morning they started calling again. After I left a message, I picked up the phone.
The investor does not believe that he has introduced two-factor authentication in advance.
– What happens next is that I am completely banned from WhatsApp. I’m trying to get in but they had access to the email so the code sent to me went to them as well.
Whenever they request a new access code from WhatsApp, the code comes from their phone number registered in the US and not from WhatsApp.
– When I get a code from WhatsApp for the first time, the scammers put in another ID, so it doesn’t match. Finally, I was told that they had run out of times, and that I had to wait first for one hour, then for seven. And this is how the round dance goes.
The hackers may have taken control of the email account and used it to access the WhatsApp account. The investor explains the order in which he discovered it.
Read also
Norway is at the top of the phone fraud list in the Nordic region
I had to get a new SIM card
Then the investor contacted the telephone operator Telenor. He had a Telenor email and therefore had to change his username password.
Today I got a new SIM card. After reinstalling the app, I was able to access WhatsApp again.
Then he asked if a friend could take him back for a large group. When added, the user with the US number appeared in the group.
– Delete me at once! Then he told the group manager.
The hackers gained access to one family member’s accounts, but not the other accounts they tried to access.
Read also
Warning for 4.3 million Norwegians
Access to messages and photos
For the investor, the consequences are that the bad guys can access the messages and photos that have been sent.
– It’s encrypted, but as long as they have access to the account, they can read whatever is written. He explains that, fortunately, it’s no secret that it makes a difference.
However, he says many letters and photos have been exchanged over the years.
For some, it can be very uncomfortable.
The other consequence is that not all of the groups he is the administrator of can be used any further. The hackers set themselves up as administrators with the US number.
– We have to create new groups.
The investor wants to come forward to warn others who think WhatsApp is safe and unhackable. He repeatedly tried to notify WhatsApp, but only received automated responses in return.
Read also
Abuse of models’ photos to seduce Norwegian men: – It’s terrible
Identity theft form
When someone “hijacks” your account, it’s called an account takeover. This means that criminals can illegally access and control it.
Account hijacking is a form of identity theft, something more and more Norwegians are experiencing, says Thorbjørn Busch, senior security advisor at Telenor.
It gives general advice on account takeover, not related to the investor’s case.
– You may notice that you are exposed to account hijacking by the fact that you can no longer access your email or profile. This happens because the criminals who have taken over the account are quick to change the password, so they have full control.
These methods can be used by criminals to gain access to your account
Many times you don’t even notice that your account has been hacked, especially if it’s an account you don’t use often. It may also happen that those who gain access to your account don’t change their password, so you won’t even notice, says Busch.
How to protect yourself
In addition to the fact that you should always use hard-to-guess passwords, there is an easy way to protect yourself: two-step verification, also known as multi-factor authentication, two-step verification, or two-step login.
There is an extra layer of security offered by most services where you can get an account.
After activating this, you must have a personal one-time code, or agree by phone to enter the account.
This means that even if your password gets leaked, a stranger won’t be able to use this to access your account if they don’t have access to the one-time code, says Busch.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”