Info Sharing Blog

Friday, September 18, 2020

[Experience] My new cellular number and possible security risks.

September 18, 2020 Posted by jaacostan

I recently moved to a new place and bought a new mobile connection from one of the cellular providers. Number got activated and then I created a new WhatsApp account. After I successfully opened my new WhatsApp, daily I started receiving many messages from the people I never ever met, complete strangers. They thought that the number belongs to a person, let’s say X. Initially I thought, OK this might be a normal thing because they might be contacting the person after a long time, and unaware that the person might have changed his/her number. I started telling them "wrong number". I have no idea whether the previous owner of this number was a politician or a famous/infamous person. But I keep getting many calls and messages intended to that person X. Some added me in to a few WhatsApp groups (work/personal). Getting frustrated.

People started sending sensitive documents, personal messages as well. And being a security pro, this led me to write a post regarding the possible security risks associated with this small 'wrong number' mistake. 

1) A Sender without verifying the receiving person, or his number started sending sensitive/confidential documents. This is a mistake from the sender and before you pass anything over any medium of communication, make sure that the receiver details are correct. 

2) Don't add people whom you don't know in to a WhatsApp group. 

3) Better avoid using WhatsApp for your job related or official purposes. There is a high chance of making a mistake by sending chats/files to the wrong person/group.

4) Now assume, the receiver is a evil person. He can impersonate the person, stole his/her identity and can perform social engineering attacks.  

5) The receiver can also misuse the confidential/sensitive information for illegal purposes.

So how to avoid such incidents?

1) Be cautious. You do your actions carefully. Make sure, you are communicating with the right person. 

If a person is not using his mobile connection for a period of time, for example 6 months, then the provider may cease the connection and release the number again in the market.

2) Enable two-step verification. So that, nobody can create/clone another WhatsApp for the same number on another device.

3) Don't sent your personal information, work related data over WhatsApp. I know the world is now running using WhatsApp. More than office communicator, people rely on WhatsApp. This is very wrong and unprofessional.

4) In your WhatsApp privacy -> Groups settings, restrict the people who can add you in to new Groups. 

Note: Some old guy started flirting as well. I guess the previous owner of the number was a female. Though i informed him that you are sending messages to the wrong person, he acknowledged and the very next day he started sending me new messages. 😆

I have blocked so many numbers and exited groups. Now thinking of deleting my WhatsApp. 😤