messengers
How do you keep your chats private and protect your messaging account from being stolen or hacked? Here are 12 simple rules with brief explanations of why each one is important.
Enable two-factor authentication
Why this is important. It keeps your account from being hacked or hijacked through SIM swapping or some other technique. Turning on this setting requires entering your secret password in addition to the SMS verification code when signing in to the messaging app with your account on a new device.
What to do. Open the security and privacy settings of your messaging app, enter a secret password, and memorize it. You’ll only need to enter it when linking a new device to your account. To make things easier, you can generate and store it in a secure password manager, or test the strength of your password using our free Kaspersky Password Checker.
Don’t share one-time passwords
Why this is important. If scammers want to steal your account, they’ll try to trick you into giving them the verification code after you receive it in your messaging app.
What to do. Don’t forward or dictate one-time passwords for signing in to chat apps to anyone. Your friends, support agents, companies, or banks will never need these codes. If someone is asking for a code, it’s a scammer.
Never scan QR codes outside of the messaging app
Why this is important. Some account hijacking schemes masquerade as invitations to join a group or chat. You scan a QR code in an ad, but instead of joining a neighborhood or class chat, you allow a scammer to link their device to your account.
What to do. If someone is asking you to scan a QR code, find the scanner in the messaging app — typically in the Settings. Don’t use your camera or some other QR-code scanning app. Carefully read the prompts displayed by the messaging app: it’ll tell you whether you’re joining a group or channel, or linking a new device to your account.
Carefully check new contact requests
Why this is important. Scammers typically imitate people you know: “Hi! Me again. I’ve a new phone number”. They may even know who your boss is. Many scams that result in major financial losses start with requests from “friends” or “colleagues”. Another type of attack is a “misdialed call” scam. “Is this Hannah? It’s not? Oh, sorry! I misdialed. Anyway, how are things?”
What to do. If you see a new chat, but there’s no history, stay alert! If this is supposedly an acquaintance, ask them about something only they would know. If your boss is texting you, it’s best to confirm it with them directly through a different channel, such as their office phone, work email, or in person, before proceeding. If you get a message from someone claiming it was sent in error, ignore any enticing offers, especially if accompanied by links or files.
Use the block feature
Why this is important. It’s the best way to get rid of stalkers, scammers, and clinging exes.
What to do. Don’t ignore spammers or scammers from the previous tip. Every chat app has a “Block user” button — don’t hesitate to press it! This will prevent the scammer from writing you again — or, after several reports, anyone else. This button is also a great way to minimize reminders of those unpleasant people from your past.
Think before you open a link — even if it’s from a friend
Why this is important. Your friends are vulnerable too. Scammers can compromise their accounts, then use them to send manipulative messages — pleas for help or provocations — to everyone in their contact list, aiming to extort money or hijack further accounts.
What to do. Steer clear of suspicious website links, unfamiliar file attachments, pleas for cash, requests to vote in dubious contests, messages like, “Is that really you in that photo?”, and unexpected, too-good-to-be-true offers like free premium subscriptions. To ensure you don’t stumble into these traps, delete such messages on sight. If they appear to be from someone you know, reach out using another channel, and alert them to the suspicious activity occurring under their name. If you act quickly, you might be able to help your friends recover their accounts, as 24 hours is often all there is to do so.
Restrict access to your smartphone and messaging app
Why this is important. If your phone gets stolen, or you give it to a friend, coworker, or relative, access control will keep anyone from snooping on your chats.
What to do. Enable screen lock: fingerprint, Face ID, or a long PIN. Also, enable App Lock in the phone settings or messaging app itself. Your fingerprint or PIN will be required to open the app every time. Even if you give someone an unlocked phone, they won’t be able to use the chat app.
Turn off message previews
Why this is important. A locked phone screen may display highly sensitive data: from private messages to verification codes from the bank.
What to do. Disable message previews on the lock screen. You can do that in the “Notifications” section of the phone settings.
Use disappearing and one-time-view messages
Why this is important. If you’re sharing things like Wi-Fi passwords, booking details, or your home address, which are only needed for a moment, don’t leave them in your chat history to haunt you later. What if one of you gets hacked?
What to do. When sharing sensitive data, apply either an auto-delete timer for messages or the “view once” setting, depending on the situation. If neither is an appropriate option, set a reminder to revisit the chat and delete the message for both users after an hour, day, or week.
Added bonus. This looks cool and helps keep the chat uncluttered.
Don’t send nudes!
Why this is important. Even if it’s just a one-time view message, the picture might be shown to people around or screenshotted and then used against you.
What to do. Avoid sharing anything that could upset, embarrass, jeopardize, or open you up to blackmail if published. This is true for any private information, not just nudes. If your nudes have already been leaked online, there might still be a chance to get them removed.
Be careful with group chats
Why this is important. You probably trust your friends. But how well do you know the people your friends add to groups?
What not to do. Don’t share your phone numbers, addresses, or other sensitive (your own as well as others’) personal information in large chats.
Limit your profile visibility
Why this is important. Neither scammers nor strangers need to see your profile photo or know when you were last seen online.
What to do. Open the Privacy section in the chat app settings and choose who can see your “Last Seen”, “Profile Photo”, “Status”, and so on. By default, this data is visible to everyone. Adjust the settings to your preference, choosing either “My Contacts” or “Nobody”.
Read other stories to find out how to adjust security and privacy settings in specific messaging apps, and what to do if you’ve been targeted by scammers or had your account compromised:
Tips