While BtCIRT has not received any cases of compromised wechat account till date, we have learned from social media and other sources that there are many instances of wechat accounts being compromised and used for distributing obscene contents.
This is to alert all users to make sure that you have enabled security setting to keep your account safe.
Users are recommended to review following setting while creating an account, or follow the steps given below if you haven’t done it.
In the Settings:
- Feature: disable Drift Bottle, People Nearby, Shake and all which would enable strangers to easily discover you.
- Privacy. Wechat also provides some features to keep yourself away from being easily discovered. For instance you can enable Friend Confirmation or disable “Find Me” features.
- My Account: Set a wechat ID, which remains unique to each user and cannot be reused. Link your account to your phone or email, which can be used for two factor authentication or for account recovery. If you would like to discontinue wechat, press on “Delete Account”.
- About: You are also advised to go to “About” and check for updates periodically.
Visit: Enable Account Protection for detailed instructions.
For details on what to do if your account is compromised visit: Wechat Advisory, you
can also visit Wechat Help Centre for general enquiries.
General Countermeasures for any instant Messaging App:
- Get the apps from official sites. It is advisable to go the website of the service provider first which may have a link to the application download store rather than visit the store. A simple obfuscation in the application name and details in the application store can get you to download the wrong application.
- Avoid using any rooted Android devices or jailbroken iOS devices.
- Use a strong Password and enable two factor authentication if available.
- Change your privacy settings immediately
- Most of the security features are not enabled by default, always enable them on first login.
- Don’t add people you don’t know
- Always sign out of your account after you finish using it
- Review the list of trusted device from time to time to make sure your account hasn’t been logged in from devices you lost or some unknown devices.
- If you are no more using it delete the account
- Do not use any unsecured Wi-Fi networks or those Wi-Fi without password.
- Use and maintain anti-virus software.
- Keep any software up-to date
- Don’t allow your IM program to “remember” your password or automatically sign in to your account.
- Don’t click links sent to you in a message, even if they appear to be from someone you know
If your account has been compromised, report to firstname.lastname@example.org
and please let us know by reporting the incident to email@example.com or www.btcirt.bt/incident-reporting/report-an-incident/ with details of wechat ID, initially registered phone number, the new number and screenshoot of bad content being distributed. We will also try to contact the support team. The reporting of such incidences will also be helpful to gather statistics of cyber incidents within the country.
While if you want legal actions you might like to report your case to Law Enforcement Authority.
For any further technical support, please contact us at :