News
Verification, one way to defend against WhatsApp hackers
View(s):By Dilushi Wijesinghe
A concerning surge in scams involving hacking, particularly on the Meta-owned messaging platform WhatsApp, has raised alarm in recent months in Sri Lanka.
Despite risks to personal security and privacy, authorities appear to be largely silent.
Boshan Dayaratne
As cybercriminals become more sophisticated, a diverse array of users of social media have become increasingly vulnerable to various forms of fraud, from account hijacking to phishing attacks.
Group Director/Chief Executive of CICRA Holdings, Boshan Dayaratne told the Sunday Times that hackers not only access WhatsApp directly, but rather, gain access to the mobile phone itself.
“Either you click a link, or you click [on] a video which comes on to your WhatsApp, and then there is a malware or virus planted in your mobile device. And from there, they keep sending messages into your address book or sending a WhatsApp message to the people who are in your contact list,” he explained.
Advising potential victims, Mr. Dayaratne said: “Number one is to never click on a link sent to you via WhatsApp, email, social media, or anywhere else. Also, make sure to verify who sent it. Sometimes, even if a good friend of yours sends it, if their phone has been compromised, it doesn’t necessarily mean they sent it. It could be someone else using their device.
“But if you’re curious to find out what’s in the message and not just avoid it, the best thing to do is copy the link into a web browser, whether it’s Chrome, Safari, or whatever browser you use, and then enter it. If an error code appears, you can be relieved knowing you’ve avoided an attack,” he said.
Speaking on the methods of scammers, Mr. Dayaratne said: “For instance, imagine you’re looking to sell a used laptop on an e-commerce platform where you’ve posted an advertisement. Then, someone calls you and says, ‘I see you’ve advertised it for 225,000. I’m willing to buy it at that price.’ The person then asks for your account details to transfer the payment. You assume they’re legitimate and provide your account information. Later, they act in a way that seems to build your trust.” 
He said: “The final step is when you notice that your money hasn’t gone through, but you will receive a message with a number. They ask you to provide that number, and that’s when you get tricked. You’ve already shared all your account details for the transfer, and now you’re also giving them the OTP.”
Mr. Dayaratne also said: “Another common mistake is using a very basic password that can easily be guessed. Many people tend to create simple passwords, but it’s important to have a more complex one with a mix of lowercase and uppercase letters, as well as symbols. A password should be at least nine to 12 characters long, making it harder for someone to guess. There are tools available that can guess passwords, and many people still use easy combinations like their name followed by 123”.
Few more have fallen victim.
One of them, journalist N. Ranasinghe told the Sunday Times that he had received a call from a person claiming to be from the Presidential Media Division and said that if he wanted to join a zoom meeting to read out the OTP. Once the number was given his WhatAapp account was hacked.
His friends who received messages from his number thereafter had alerted him. He had alerted the police and the cyber crime division of the police had responded. A suspect, reported to be from Eravur, has been arrested.
Another senior journalist whose WhatsApp had been hacked had called over at the Criminal Investigations Department (CID) which in turn wanted him to bring a written complaint. Thereafter he filed a complaint online.
He was told that a police officer would contact him, but it has been a month since the complaint and nobody has reached out.
He had also contacted the Computer Emergency Response team, which is described as the National Centre for Cyber Security, which has the responsibility of protecting the nation’s cyberspace from cyber threats, but lacked any support.
An officer had explained that they lacked the legal powers to act.
There were others who had fallen victim to the hacking of their WhatsApp accounts.
One of them, a private sector employee, had received a call in the busy morning hours. The caller said a meeting had been organised and that he could join in by sharing the OTP he had received.
Not realising the danger, he had shared the OTP and he soon realised that his number had been hacked.
From then onwards it was a stream of telephone calls after they received the message ‘Hello good morning. How are you doing ? Please I need a little favour from you’.
Some of them responded to the WhatsApp message and had been asked to deposit Rs 100,000 claiming that the money will be refunded by next morning. An account number of People’s Bank in Gampola had been provided.
A senior officer of the bank said the particular account had been frozen and that money could not be deposited, or withdrawn.
One person who tried to transfer money to the account had found that it was not active and had asked for another bank account number. An account number in the Anuradhapura People’s Bank branch had been given, and a transfer of Rs 100,000 had been done.
However, after the private sector employee had been alerted that the money had been transferred, he had alerted the Anuradhapura branch. That account too had been frozen. The depositor is likely to go through a long process to recover the money, according to police.
Responding to a complaint, the police had said that a court order would be needed to get the money released.
After the Anuradhapura account had been frozen another person who responded to the hackers’ message had been given a Commercial Bank account.
Many victims believe that account holders receiving funds could be easily traced and investigations could be speeded up, while creating more public awareness about the fraud.
The best way to say that you found the home of your dreams is by finding it on Hitad.lk. We have listings for apartments for sale or rent in Sri Lanka, no matter what locale you're looking for! Whether you live in Colombo, Galle, Kandy, Matara, Jaffna and more - we've got them all!