Search
START TYPING AND PRESS ENTER TO SEARCH
Close Menu
Wednesday, June 24

Instances of account hijacking date back to 2014. During this time, the instant messaging software LINE had a system vulnerability that exposed    

What is online account hijacking?

Instances of account hijacking date back to 2014. During this time, the instant messaging software LINE had a system vulnerability that exposed users’ accounts to hackers. These hackers were then able to deceive the victim’s family and friends in their contact list into purchasing prepaid cards. The situation continued until around 2016, when the vulnerability was eventually resolved. In 2017, scammers began hijacking users’ WhatsApp accounts to trick people into purchasing prepaid cards using similar deception methods. Later, WhatsApp introduced the “two-step verification” (now known as “two-factor authentication”) feature. This feature has gradually improved the situation and made it harder for scammers to hijack accounts.

In August 2023, a new account hijacking method involving phishing messages emerged and later transformed into “search engine optimisation poisoning” attacks—these attacks primarily target WhatsApp accounts, with a few cases involving Telegram and other online platforms.

Trick 1: Phishing text messages

Scammers send phishing text messages
with links to fake websites

The fake websites obtain the
user’s phone number and request
the platform to issue
a registration code to the user

Scammers then get the
registration code from the user

Scammers then use another device
to log into the user’s account

Scammers exploit excuses like bank
transfers and loans to defraud
users' family and friends

Trick 2: Search engine optimisation
poisoning attack

Scammers create fake
WhatsApp web login page

Scammers advertise using the keyword
“WhatsApp”on search engines

When users enter the keyword“WhatsApp” in a search engine, the fake website will appear as the top ad

When users click on the top ad, they are taken to the fake website, where they scan a malicious QR code, allowing scammers to obtain their connection information

Scammers simultaneously log into users’ accounts through the online version of WhatsApp to deceive the users’ family and friends for money

Online account intrusions can have different causes. For instance, one may forget to log out of web-based messaging software after using a public computer, use malicious multi-account login tools, or have their electronic devices compromised by malicious software.

Scammers often use the excuse that online bank transfers exceed the limit and request contacts in the address book to help transfer money. They promise to repay the amount the following day, and the requested amount can vary from thousands to tens of thousands of dollars. Occasionally, there are also requests for large transfers.

Tips for avoiding online account hijacking

Enable two-factor authentication

Set a strong password for your voicemail to prevent theft of voice one-time password

Beware of any abnormalities in text messages and websites, such as misspelled domains or a mixture of traditional and simplified Chinese characters

Avoid connecting to public Wi-Fi or logging into online accounts on public computers

Regularly review the devices linked to your account and log out any unknown connected devices

Bookmark frequently used websites instead of relying solely on search engines for trustworthy results

If you receive a message from family or friend requesting help with bank transfers or remittances, always call to verify their identity and relevant request

Avoid disclosing passwords and verification codes casually or scanning QR codes without verifying

If in doubt, use Scameter to assess for URLs, payment accounts, etc.,
or call 18222 for enquiries

Enable two-factor authentication

Regularly review the devices
linked to your account and
log out any unknown connected devices

Set a strong password for your voicemail to prevent theft of voice one-time password

Bookmark frequently used websites instead of relying solely on search engines for trustworthy results

Beware of any abnormalities in text messages and websites, such as misspelled domains or a mixture of traditional and simplified Chinese characters

If you receive a message from family or friend requesting help with bank transfers or remittances, always call to verify their identity and relevant request

Avoid connecting to public Wi-Fi or logging into online accounts on public computers

Avoid disclosing passwords and verification codes casually or scanning QR codes without verifying

If in doubt, use Scameter to assess for URLs, payment accounts, etc., or call 18222 for enquiries

What is online account hijacking?

Instances of account hijacking date back to 2014. During this time, the instant messaging software LINE had a system vulnerability that exposed users’ accounts to hackers. These hackers were then able to deceive the victim’s family and friends in their contact list into purchasing prepaid cards. The situation continued until around 2016, when the vulnerability was eventually resolved. In 2017, scammers began hijacking users’ WhatsApp accounts to trick people into purchasing prepaid cards using similar deception methods. Later, WhatsApp introduced the “two-step verification” (now known as “two-factor authentication”) feature. This feature has gradually improved the situation and made it harder for scammers to hijack accounts.

Are there any online account hijacking tricks?

Trick 1: Phishing text messages
1. Scammers send phishing text messages with links to fake websites
2. The fake websites obtain the user’s phone number and request the platform to issue a registration code to the user
3. Scammers then get the registration code from the user
4. Scammers then use another device to log into the user’s account
5. Scammers exploit excuses like bank transfers and loans to defraud users' family and friends

Trick 2: Search engine optimization poisoning attack
1. Scammers create fake WhatsApp web login page
2. Scammers advertise using the keyword “WhatsApp”on search engines
3. When users enter the keyword“WhatsApp” in a search engine, the fake website will appear as the top ad
4. When users click on the top ad, they are taken to the fake website, where they scan a malicious QR code, allowing scammers to obtain their connection information
5. Scammers simultaneously log into users’ accounts through the online version of WhatsApp to deceive the users’ family and friends for money

What are the causes of online account hijacking?

Online account intrusions can have different causes. For instance, one may forget to log out of web-based messaging software after using a public computer, use malicious multi-account login tools, or have their electronic devices compromised by malicious software.
Scammers often use the excuse that online bank transfers exceed the limit and request contacts in the address book to help transfer money. They promise to repay the amount the following day, and the requested amount can vary from thousands to tens of thousands of dollars. Occasionally, there are also requests for large transfers.

Any tips for avoiding online account hijacking?

1. Enable two-factor authentication
2. Regularly review the devices linked to your account and log out any unknown connected devices
3. Set a strong password for your voicemail to prevent theft of voice one-time password
4. Bookmark frequently used websites instead of relying solely on search engines for trustworthy results
5. Beware of any abnormalities in text messages and websites, such as misspelled domains or a mixture of traditional and simplified Chinese characters
6. If you receive a message from family or friend requesting help with bank transfers or remittances, always call to verify their identity and relevant request
7. Avoid connecting to public Wi-Fi or logging into online accounts on public computers
8. Avoid disclosing passwords and verification codes casually or scanning QR codes without verifying
9. If in doubt, use Scameter to assess for URLs, payment accounts, etc., or call 18222 for enquiries

You might be interested

Romance Scam

Romance Scam Scammers look for targets on various social platforms. After getting to know the victims’ interests, scammers easily win…

Online Employment Fraud

What is Online Employment Fraud? Fraudsters post job advertisements on various social media platforms, forums or instant messengers, using various…

Victims’ mind

“Why do people fall for scams”, “Why so stupid?”, “How could anyone believe that?” Victims’ mind “Why do people fall…

Naked Chat Blackmail

Scammers approach the victims via social networking platforms for naked chat and record the entire process. What is Naked Chat…

Compensated Dating Scam

Scammers usually meet their victims on social media platforms. Claiming to offer compensated dating or sexual services, they ask to…

Online Shopping Fraud

Have you ever shopped online but not receiving the goods after payment? Online Shopping Scam Have you ever shopped online…

Business Email Compromise

Scammers hack into the email systems of the target company or its business partners What is business email compromise? Scammers…

Credit Card Fraud

Once credit card information including card number, expiry date and CVC falls into the hands of criminals, Credit Card FraudOnce credit…

Online Investment Fraud

Through online social media platform, forums or instant messengers, fraudsters promote investmentsWhat is online investment fraud?Through online social media platform,…

Social Media Platforms and Video Channels

Facebook Youtube Instagram Whatsapp
© 2026 CyberDefender. All rights reserved

Sign up for web hosting today!

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.