New Method of Account Hijacking in Messengers

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) reports an increase in the number of cyberattacks aimed at gaining access to accounts on popular messengers, specifically using techniques to bypass two-factor authentication.

Messages related to voting are being distributed via SMS and messengers like Telegram and WhatsApp, containing links to supposedly artistic competition materials (visual arts, performing arts, etc.). The recipient of such a message is asked to visit a website with the mentioned materials, "log in," and support a contestant. If the QR code is scanned and/or the phone number and one-time code are entered, an unauthorized device will be added to your account, which should then be considered compromised.

To protect against such malicious activity, do not click on any links and do not enter your data, especially if such requests come from familiar people. Upon receiving such a message, it is advisable to assume that the sender's account is compromised and to immediately inform them via phone.

If you detect that your account has been compromised, you should urgently check the settings of your account for connected devices and terminate unknown sessions. If the period of unauthorized access to the account exceeds 24 hours, the attacker will have the technical ability to terminate your session. In this situation, you will be able to re-authenticate, but this session can also be terminated after a day. Therefore, one option to regain control of your account is to delete it along with all messages and data, followed by re-registration in the messenger.

For more details, visit the CERT-UA website.

Additionally, to further protect your account, it is important to set up two-step authentication. How to do this can be read via the provided link.