The Namibia Cyber Security Incident Response (NCSIR) unit at the Communications Regulatory Authority of Namibia (CRAN) has reported of a growing and particularly concerning threat, which happened during the festive season, of the large-scale hijacking of WhatsApp accounts through sophisticated phishing campaigns.
“Recent threat intelligence has identified an active global operation, commonly referred to as the HackOnChat campaign, targeting WhatsApp users across regions,” said Mr Mufaro Nesongano, CRAN’s executive for communications and consumer relations.
“Attackers deploy fraudulent websites that closely mimic legitimate WhatsApp web and security verification pages, exploiting trust in the platform to compromise user accounts.
“Two primary techniques are used. In the first, victims are tricked into scanning a QR code or entering a pairing code on a fake WhatsApp web page, unknowingly linking their account to an attacker-controlled session.
“In the second, victims are lured into entering their phone number and a OneTime Password (OTP) on a phishing page, allowing attackers to fully take over the account. Once compromised, WhatsApp accounts are weaponised.”
Nesongano pointed out that attackers impersonate the victim to contact friends, colleagues, or business partners, requesting urgent financial assistance, sensitive information, or further OTPs.
“Because these messages originate from a trusted contact, recipients are significantly more likely to comply without verification, leading to rapid financial loss and further spread of the scam.”
Another cyber threat that was common during the festive season was the “Ransomware and Attacks on Unattended Systems” where ransomware operators deliberately target holiday periods when monitoring and response capabilities are reduced.
“Attacks are often launched during long weekends or shutdown periods, with encryption remaining unnoticed until staff return,” said Nesongano.
“Unpatched Virtual Private Network (VPN) appliances, exposed remote access services, and weak administrative credentials are common entry points.
“In several cases globally, attackers have also targeted backup systems during the holidays, reducing organisations’ ability to recover without paying ransom demands.”
In order to reduce the cyber risk, Nesongano said that organisations should ensure continuous monitoring and incident response coverage, enforce multi-factor authentication across all critical systems, and complete patching and security testing before staff go on leave.
“Equally important is staff awareness. A simple post-holiday reminder encouraging employees to remain cautious of password changing emails, verify payment requests, and report suspicious activity promptly can prevent incidents from escalating.
“As we prepare to start the year, it is important to recognise that cyber threats do not take holidays, they exploit them.”
In the photo: Mr Mufaro Nesongano, the Executive for Communication and Consumer Relations at the Communications Regulatory Authority of Namibia (CRAN).
