Laughing Out Loud: I Almost Got Hacked!

I recently found myself in a rather unsettling situation.

A stranger called me on WhatsApp, claiming we were both members of a group I didn't even know existed(okay, maybe I did, just wasn't active in it ;-( ).

They mentioned a Zoom meeting scheduled for 8 PM, which seemed odd because I'm usually aware of most group activities, even if I don't actively participate.

Something felt off from the start. (1) Red flag number one: the unexpected group invitation.

I expressed my unavailability for the meeting, but the caller insisted on sending me a verification code as a "reminder."

When I saw the pop-up notification on WhatsApp, I knew something was fishy. (2) Red flag number two: the unsolicited verification code.

I decided to play along to see where this would lead.

The caller asked me to read the code aloud, a sign of a phishing attempt.

(3) Red flag number three: the request to read the verification code.

This code was likely a two-factor authentication (2FA) code, designed to add an extra layer of security to my WhatsApp account.

• Unknown caller: The fact that the caller was someone I didn't know should have been a red flag. While it's possible to be contacted by someone you don't know through a group, the sudden and unexpected nature of the call was suspicious. Especially on WhatsApp
  
• Lengthy conversation: The caller's attempts to prolong the conversation were another red flag. Phishing attackers often try to keep victims on the phone or engaged in a conversation to distract them and prevent them from noticing any suspicious activity.
  
• Gaining trust: The caller may have also tried to build trust by mentioning shared group membership or other seemingly innocuous details. This is a common tactic phishers use to make their scams seem more legitimate.

• Unexpected invitations or requests: Be wary of unsolicited messages, emails, or calls, especially those asking for personal information or urgent action.
  
• Suspicious links or attachments: Never click on links or open attachments from unknown sources. They could contain malware or lead to phishing websites.
  
• Unusual language or grammar: Phishing emails often contain poor grammar or spelling errors. (Though many are getting better with the use of AIs
  
• Requests for personal information: Legitimate organizations will never ask for sensitive information like passwords or credit card numbers via email or phone.

1. Be sceptical and approach all unexpected communications with caution.
   
2. Always verify a sender or organization's information via a trusted source especially if you receive a suspicious message.
3. Create unique, complex passwords for all your online accounts.
   
4. Enable two-factor authentication to add an extra layer of security to your accounts
   
5. Keep up-to-date on the latest phishing scams and security best practices.
   
6. Consider leaving groups that you don't actively participate in. This can help reduce your exposure to potential risks and scams.