Scam Alert: NCC recommends 2-factor authentication to secure WhatsApp accounts

*The Nigerian Communications Commission’s Computer Security Incident Response Team warns the social media platform is ‘increasingly becoming a prime target for hackers and scammers’ seeking ways to gain unauthorised access to users’ accounts

Gbenga Kayode | ConsumerConnect

In continuation of the telecoms sector regulator’s consumer protection initiatives, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has suggested that users of the popular messaging app, WhatsApp, set up Two-Factor Authentication (2FA) to avoid falling victim to account takeover by hackers.

The NCC-CSIRT, in an advisory issued Tuesday, April 4, 2023, cautioned telecoms consumers, that WhatsApp, a Meta-owned service, is increasingly becoming a prime target for hackers and scammers, who are always looking for ways to gain unauthorised access to users’ accounts in cyberspace.

Mr. Reuben Muoka, Director of Public Affairs at NCC, Tuesday also noted the Team described two-factor authentication (2FA) as an identity and access management security method that requires two forms of identification to access resources and data.

The Commission disclosed the advisory stated: “In the world of messaging apps, one of the most popular and recognisable is WhatsApp. WhatsApp is 100 percent free to use, has a great mobile app, and supports audio and video calls. “Whether you rely on WhatsApp for all your messaging needs or just use it from time to time, it is recommended to set it up with two-factor authentication (2FA).

“With this enabled, you will need to enter a custom PIN every time you log in to WhatsApp from a new device, adding an extra layer of security to your account.”

According to NCC-CSIRT, “2FA gives businesses or people the ability to monitor and help safeguard their most vulnerable information and networks.

“The 2FA is important because it prevents cybercriminals from stealing, destroying, or accessing your internal data records for their own use.”

The recommendation contained in the advisory further stated: “WhatsApp provides two-factor authentication so you can further secure your account using a PIN.

“It is an optional feature that adds more security to your WhatsApp account, so it is recommended that everyone installs 2FA.”

How to activate 2FA on WhatsApp

The NCC-CSIRT stated ten steps for enabling 2FA on WhatsApp, which include the following steps:

Open WhatsApp, Tap Settings, Tap Account, Tap Two-Step Verification, Tap Enable, Enter the Six-Digit PIN you wish to use, Tap Next, then enter it a second time to confirm it, Tap Next, Add an e-mail address for extra security (this step is optional but it is an extra way to retrieve your account if you forget your Pin) and then Tap Next.

The advisory as well stated for those concerned that their PIN might have been compromised, or is easy to guess, they can change their WhatsApp PINs or e-mail addresses by tapping Settings.

Two-Step Verification, tapping Change PIN or Change Email Address, Entering a new PIN or email address, and then tapping ‘next’ to effect the necessary changes, it advised.

The CSIRT is the telecoms sector’s cybersecurity incidence centre set up by the NCC to focus on incidents in the telecoms sector, and as they may affect telecoms consumers and citizens at large.

The Team also works collaboratively, with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events, stated the Commission.