Durban - While much attention has focused on the hacking of Facebook and Twitter accounts, data analysts have warned of a new trend of WhatsApp accounts being hacked.
The experts blame illegal SIM swops for the high rate of phone hacking in South Africa.
Former journalist Mpume Madlala, who now works in government communications, fell victim to WhatsApp hackers who used her profile to plead for money from friends and family on her contact list last week.
When alerted, Madlala took to Facebook to warn her friends of the scam.
“Someone has hacked my WhatsApp and is saying that I have been kidnapped and want money for my release. Please don’t send any money to me. I’m blocked out of my WhatsApp for 6 hours.”
Her friends replied to her message confirming that they had received messages from several different numbers, asking for money.
Madlala said she had to reboot her phone and was able to access WhatsApp, used by more than 1.5billion people worldwide, after seven hours. She had opened a case of fraud with the SAPS.
Bryan Turner, a data analyst at technology market research firm World Wide Worx, said certain stores did not follow the Regulation of Interception of Communications and Provision of Communication-related Information Act (Rica), which required SIM cards to be registered to their owners.
“You should not be able to get a new SIM over the counter without it being subjected to Rica. The source of hacking is illegal SIM swops. I can get a new SIM over the counter and use your number. It is quite scary. I will be able to get your OTP (one-time password - used in online banking) as well. Many bank accounts are also being hacked in this way,” he said.
Turner also warned those using WhatsApp Web (WhatsApp on a computer) that scammers could access their account remotely if they had access to the victim’s unlocked phone.
“This is one of the ways to get into a victim’s WhatsApp account without locking them out. WhatsApp has tried to combat this with a notification that lets the user know that their WhatsApp account is being used elsewhere. If one has not enabled WhatsApp Web and one sees this notification, one will need to tap that notification, and tap “Log out from all devices”, he said.
Hackers can install WhatsApp on their phone with another person’s number.
The app then automatically sends a code to the unsuspecting user - and the hacker - via SMS. The hacker then uses this code to access the WhatsApp.
The police said cybercrime was a fast-growing area of crime as criminals exploited the speed, convenience and anonymity of the internet for criminal activities across physical and virtual borders.
According to the South African Banking Risk Information Centre (Sabric), South Africa had the third-highest number of cybercrime victims worldwide last year, losing about R2.2billion a year to cyber attacks.