Don’t Share OTPs, Codes With ‘Ghosts’

Fraudsters exploit WhatsApp device-linking to hijack accounts, CERT-In issues alert

Update: 2025-12-21 18:41 GMT
TGCSB advises users to avoid sharing codes and clicking suspicious links to stay safe. (Image: X)

Hyderabad: A new phrase was added to the common man’s lexicon on Saturday when the Telangana Cyber Security Bureau (TGCSB) put people on notice over ‘ghost pairing’ attacks.

The WhatsApp ‘takeover’ — also known as a ‘ghost pairing attack’ — occurs when the user is tricked into sharing a WhatsApp code by a fake message or link, allowing an attacker to secretly link their device and take control of the account.

The Indian cyber security agency CERT-In, flagging a vulnerability in the WhatsApp ‘device-linking’ feature, said in its advisory: “It has been reported that malicious actors are exploiting WhatsApp's device-linking feature to hijack accounts using pairing codes without authentication requirement.”

The advisory said that the “high” severity attack campaign usually begins with the victim receiving a message like “Hi, check this photo” from a “trusted” contact.

The message contains a link with a Facebook-style preview. The link leads to a “fake” Facebook viewer that prompts users to “verify” to see the content. Here, the attackers exploit WhatsApp's “link device via phone number” feature by tricking unsuspecting users into entering their phone numbers, the advisory said.

“Chrome attack happens when you visit a harmful website or malicious links that take advantage of a vulnerability in the Chrome browser and allow attackers to steal browser data like saved credentials of banks,” the TGCSB said.

To protect themselves from the ghost attack, TGCSB director Shikha Goel asked people not to share OTP, PIN, CVV, or WhatsApp codes. People were also asked not to click on unknown or urgent-looking links and to avoid logging in on unknown websites or pop-ups.

If people suspect their account or gadget has been compromised, Goel asked them to check WhatsApp-linked devices; take screenshots of messages, links and pop-ups; save transaction IDs, UTR numbers and call logs; update Google Chrome to the latest version; and change the passwords of their email, banking and social media accounts.

The TGCSB also asked people to keep Chrome and apps updated at all times.
