What is online account hijacking?

Instances of account hijacking date back to 2014. During this time, the instant messaging software LINE had a system vulnerability that exposed users’ accounts to hackers. These hackers were then able to deceive the victim’s family and friends in their contact list into purchasing prepaid cards. The situation continued until around 2016, when the vulnerability was eventually resolved. In 2017, scammers began hijacking users’ WhatsApp accounts to trick people into purchasing prepaid cards using similar deception methods. Later, WhatsApp introduced the “two-step verification” (now known as “two-factor authentication”) feature. This feature has gradually improved the situation and made it harder for scammers to hijack accounts.

Are there any online account hijacking tricks?

Trick 1: Phishing text messages
1. Scammers send phishing text messages with links to fake websites
2. The fake websites obtain the user’s phone number and request the platform to issue a registration code to the user
3. Scammers then get the registration code from the user
4. Scammers then use another device to log into the user’s account
5. Scammers exploit excuses like bank transfers and loans to defraud users' family and friends

Trick 2: Search engine optimization poisoning attack
1. Scammers create fake WhatsApp web login page
2. Scammers advertise using the keyword “WhatsApp”on search engines
3. When users enter the keyword“WhatsApp” in a search engine, the fake website will appear as the top ad
4. When users click on the top ad, they are taken to the fake website, where they scan a malicious QR code, allowing scammers to obtain their connection information
5. Scammers simultaneously log into users’ accounts through the online version of WhatsApp to deceive the users’ family and friends for money

What are the causes of online account hijacking?

Online account intrusions can have different causes. For instance, one may forget to log out of web-based messaging software after using a public computer, use malicious multi-account login tools, or have their electronic devices compromised by malicious software.
Scammers often use the excuse that online bank transfers exceed the limit and request contacts in the address book to help transfer money. They promise to repay the amount the following day, and the requested amount can vary from thousands to tens of thousands of dollars. Occasionally, there are also requests for large transfers.

Any tips for avoiding online account hijacking?

1. Enable two-factor authentication
2. Regularly review the devices linked to your account and log out any unknown connected devices
3. Set a strong password for your voicemail to prevent theft of voice one-time password
4. Bookmark frequently used websites instead of relying solely on search engines for trustworthy results
5. Beware of any abnormalities in text messages and websites, such as misspelled domains or a mixture of traditional and simplified Chinese characters
6. If you receive a message from family or friend requesting help with bank transfers or remittances, always call to verify their identity and relevant request
7. Avoid connecting to public Wi-Fi or logging into online accounts on public computers
8. Avoid disclosing passwords and verification codes casually or scanning QR codes without verifying
9. If in doubt, use Scameter to assess for URLs, payment accounts, etc., or call 18222 for enquiries

You might be interested

Romance Scam Scammers look for targets on various social platforms. After getting to know the victims’ interests, scammers easily win…

What is Online Employment Fraud? Fraudsters post job advertisements on various social media platforms, forums or instant messengers, using various…

Scammers approach the victims via social networking platforms for naked chat and record the entire process. What is Naked Chat…

Scammers usually meet their victims on social media platforms. Claiming to offer compensated dating or sexual services, they ask to…

Have you ever shopped online but not receiving the goods after payment? Online Shopping Scam Have you ever shopped online…

Scammers hack into the email systems of the target company or its business partners What is business email compromise? Scammers…

Once credit card information including card number, expiry date and CVC falls into the hands of criminals, Credit Card FraudOnce credit…

Through online social media platform, forums or instant messengers, fraudsters promote investmentsWhat is online investment fraud?Through online social media platform,…

Sign up for web hosting today!

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.