Never share verification codes, treat like password – Cybersecurity advises

The Cyber Security Authority (CSA), has advised Ghanaians never to share verification codes to an individual but treat` as equal as their passwords.

The Authority had noticed increased incidents of individuals falling victim to social engineering and sharing their WhatsApp verification codes with malicious actors, leading to unauthorised access and account takeover.

A press statement made available to the Ghana News Agency by the CSA, said 187 reports had been recorded as of April 2024, equalling what was recorded for the entire year of 2023.

The statement said malicious actors disguised themselves as familiar contacts or authoritative figures, typically as administrators of Groups the eventual victim was part of.

It said they crafted persuasive messages to lure their targets to disclose their verification code, stating that some of these methods were notifying the victim through text messages about an ongoing upgrade on their group platforms and requesting the victim to share the code that would be sent
to them.

‘Calling the victim to inform them that a security code has been sent to prevent their account from being hacked and requesting the victim to share that code,’ the statement added.

It said these actors also informed the victim that they had received a mobile money transfer and that they must reveal the code the perpetrator sent to access the funds, and also sharing URLs in WhatsApp groups and instructing group members to click on them to update their information by providing the code that would be sent to them.

The statement said once the code was shared, the victim’s account was compromised, opening the door to unauthorised access and account takeover.

It said the malicious actors then impersonate the victims and defraud their contacts.

‘In some cases, the malicious actors perpetrate Subscriber Identity Module Swap fraud wherein, they impersonate the eventual victim to a mobile network operator and acquire a new SIM card,’ it added.

The statement said the victim loses the ability to communicat
e altogether, while the malicious actors potentially also gained access to one-time passwords and mobile wallets.

The Authority advised the public to enable Two-Step Verification, which added an extra layer of security to their WhatsApp account.

The statement said to enable it, go to WhatsApp, Settings, Account and select Two-step verification, Enable.

It said this would prompt you to create a six-digit Personal Identification Number that would be required periodically and whenever you register your phone number with WhatsApp again.

‘Keep this PIN confidential,’ it added.

The Authority urged the participants to educate friends and Family, share this information with their friends and family, especially those less familiar with online scams.

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact for reporting cybercrimes and for seeking guidance and assistance on online activities.

Source: Ghana News Agency