Cybercriminals are once again targeting WhatsApp – the most popular messaging service on the planet, with more than two billion users. The nasty scam, which will be familiar to longtime WhatsApp users, leaves people locked out of their accounts. Worse still, this sinister attack also hands full access to your most private messages, contacts list, pictures and videos over to the hackers who can then use these to target more unsuspecting users. This new scam uses an old technique that’s been seen in the wild before.
Those tricked will usually receive a message that appears to have come from a friend or contact already saved on their phone. Be warned: these texts come from people who have already been taken in by the scam, as the hackers use their contact lists to tempt more people into falling prey to it. Once the hackers know you are willing to respond, they’ll target your phone and attempt to gain access to your chat account via WhatsApp’s security PIN number.
It’s a pretty simple scam, as whenever you upgrade your smartphone, WhatsApp will ask to verify your identity using your phone number before allowing you to access any chats backed up to the cloud. It’s this six-digit code that hackers need to get their hands on to gain access to your account.
To verify the identity of the person trying to log into your WhatsApp, the Facebook-owned firm will send a randomly generated six-digit code in a text message to the phone number that’s registered with the account. Of course, this won’t go to the hackers, but will end up on your phone.
Next, the hackers will send a text to you, making an excuse for the six-digit code being sent to you and asking you to forward it on to them. As soon as you send the code, WhatsApp believes that it’s a genuine attempt to log in to your account and will enable the chat on the hackers’ smartphone.
As far as your contacts are concerned, the hackers are now you and can continue to send texts in your WhatsApp conversations, or group chats.
This scam was circulating earlier this year and now it’s been spotted again. Radio 2 presenter Jeremy Vine even appears to have fallen for the scam. He tweeted a warning to his listeners to try to stop them falling foul of the same technique – which left him locked out of his WhatsApp and allowed cybercriminals to use his contact list to target more people.
Currently, it appears that WhatsApp users in India are the main target, but it’s a good reminder to be on alert if you get a message asking you to forward on a PIN number.
Speaking about the latest scam, Ray Walsh, Digital Privacy Expert at ProPrivacy, said: “WhatsApp users need to be on the lookout for a worrying new scam that is allowing cybercriminals to hack into people’s WhatsApp accounts. Anybody who receives a message out of the blue with a one-time PIN code should be extremely wary because this is how the attack starts. Following the receipt of the unexpected OTP code, the hacker will send the victim a direct message claiming to be their friend or contact. They will then ask to be forwarded the code by claiming to have mistakenly sent it to them.
“That code is actually the two-factor authentication code for accessing the victim’s WhatsApp account, and once the victim forwards it to the hacker they will use it to hack into their account. Always be on the lookout for any text messages that contain an OTP code and never, ever forward or screenshot or otherwise pass those codes on to anybody, no matter how genuine they sound.”
Published at Wed, 25 Nov 2020 07:10:00 +0000