Hijacking of Twitter and WhatsApp accounts - Stay Alert!!!!!!

Hackers exploiting DM to Hijack Twitter and WhatsApp accounts

With the Twitter accounts of Megastar Amitabh Bachchan and singer Adnan Sami getting hacked, security researchers have warned that users ought to deliberate before clicking on the links received within the Twitter Direct Message (DMs).

Singer Adnan Sami's Twitter account was allegedly hacked on Tuesday by Ayyildiz Tim, the same Turkish hacker cluster that attacked star Amitabh Bachchan's microblogging page a day ago. Just like Bachchan's profile was compromised, the cluster replaced Sami's profile picture with a photograph of Pakistan PM Imran Khan and altered the bio, adding "Ayyildiz Tim Love Pakistan" with an emoji of Pakistani and Turkish flags.

"Their Modus operandi looks like they are sending DM to the victims Twitter account and if the victim opens the DM he/she is directed to a phishing page which looks like a genuine page," Sanjay Katkar, Joint Managing Director and Chief Technology officer, Quick Heal Technologies Ltd. 

"If the user fills the login credentials on this page his login information is gone to the hackers who later use it to login and change the original password and take control of the account," he said, adding that there are alternative ways that a twitter account will compromise.

The French security researcher who uses the pseudonym Elliot Alderson pointed to a user who goes by the name Kerem Sah Noyan on Twitter and uses the handle @NoyanAyt2002 as the person behind the hack.

Bachchan's page was restored within half-an-hour after the Mumbai Police alerted the cyber unit. The group had antecedently hacked Twitter accounts of actors Shahid Kapoor and Anupam Kher among others as well.

"This is an important call to the whole world! We do condemn the irrespective behaviors of Iceland republic towards Turkish footballers. We speak softly but carry a big stick and inform you about the Big Cyber Attack here. As Ayyildiz Tim Turkish Cyber Army," read the first tweet after the attack on Monday.

Ways to secure Twitter and WhatsApp account:

Enable Two-step Verification:

If a service supports it, you should be using Two Factor Authentication. This Adds a periodic passcode to WhatsApp and also ensures your data isn't accessed by someone else. The purpose is to stop someone else from accessing your WhatsApp account without your consent. It's truly one of the best new WhatsApp features, and even available on WhatsApp Web.

Turn on Security Notification:

When a new phone or laptop accesses an existing chat, a new security code is generated for both phones. And WhatsApp can send a notification when the security code changes. This way, you can check the encryption with your friend over a different messenger, ensuring its security.

Check Encryption for Sensitive Conversations:

Even though WhatsApp encrypts all chats by default, sometimes you want to double-check, It's good practice to do that while sharing sensitive information like a credit card number with a trusted contact.

Disable Cloud Backups:

The end to end encryption is awesome, but there's one loophole: WhatsApp backs up chats to Google Drive or iCloud. That way, if you reinstall it later, you can retrieve your old messages, But this backup isn't encrypted. So if you really care about your privacy, then that's something you need to disable. Remember, storing your data with Apple and Google might not protect you against eavesdropping by Govt.

Beware of common scams:

Since it's an instant messenger, you might get some scams on WhatsApp periodically. You need to know some of the popular ones and not fall for them. The most persistent ones to talk about a premium version of WhatsApp, "WhatsApp Gold," or your account expiring. No matter how it's worded, the scam is about making you pay for WhatsApp. It shouldn't need to be said, but don't ever pay money for WhatsApp. The company has made it clear that WhatsApp will forever be free.