Rise in Scams Involving WhatsApp Hijacking
The police have reported a rise in scams involving taking over of WhatsApp accounts.
HOW DO THEY DO IT?
Typically, the scammer would add the targeted user’s mobile number to a new WhatsApp on his/her own phone. The victim would then receive a 6-digit verification code via SMS. Impersonating as a friend or WhatsApp’s support team, the scammer then contacts the victim and requests for the 6-digit code to be sent to him/her. From there, the scammer hijacks the account which causes the victim to lose control over his own account, and proceeds to target other victims in the contact list.
Scammers could also by-pass the verification process by using the victim’s voicemail. By repeatedly failing to verify the one-time registration code, WhatsApp will prompt the user to perform a “voice-verification”, during which, WhatsApp will call the user’s phone and a one-time verification code will be read out in an audio message. If the call isn’t answered, the message will be directed to the user’s voicemail. The scammers would then proceed to hack into the voicemail to retrieve the code. Scammers would have to time their attacks during the night when the users are most likely asleep or away from his/her phone. The scammer could then set up the 2-way verification code and gain access to the WhatsApp account.
Impersonating as the victim, the scammer then Whatsapp the victim’s friends and family to obtain bank account details and OTPs on the pretext of claiming lucky draw prizes conducted by Lazada, Shopee or Qoo10.
HOW TO PROTECT YOURSELF?
1) Adopt the 3-Don’ts
Don’t Panic – Beware of unusual requests from strangers or even your social media contacts.
Don’t Believe – Be wary of claims that you have won in a lucky draw especially if you did not participate in any contest or lucky draw.
Don’t Give - Do not give out your bank account details and OTPs before checking the authenticity of the request.
2) Secure your WhatsApp Account
Protect your WhatsApp account by enabling two-step verification which can be found under the Settings tab of your WhatsApp verification.
3) Change the default password of your voice mailbox
4) Do not share your WhatsApp verification code with anyone else, not even your friends and family.
WHAT TO DO IF YOU’RE CAUGHT IN A SCAM?
You may wish to back up your WhatsApp account, delete and reinstall the app again to trigger a new registration code. Once the registration code is entered, the scammer will be logged out. If the scammer has activated the two-step verification, you might have to wait 7 days before you can sign in again.
Do share any suspicious activity that you have encountered in the comments section below so that everyone can learn from it.