Users Warned Over WhatsApp Account Hijack Scams

WhatsApp has warned of an ongoing SMS scam that hackers are using to hijack accounts.

The scam has been in use for years, but users continue to be fooled by it.

It involves tricking users into sending a login code.

The hacked accounts can then be used for further fraudulent activity, such as posing as the person whose account was hacked and asking for money.

Account hijack

Taking control of an account gives the hackers access to the user’s list of contacts.

They then try to log into one of those accounts, asking WhatsApp to send them a six-digit login code via SMS. The SMS is received by the account’s legitimate owner.

The hackers then send the target a message via WhatsApp, posing as the friend who owned the account before it was hacked.

They pretend to have lost access to their WhatsApp account and to have sent the six-digit login code to the wrong person, asking the target to send them a screenshot of the login code.

A person lured by the attack told the BBC it was only a day later that he realised he had sent the login code for his own account to a scammer.

Gold bar scam

“The safety and security of our users and their messages are really important to us,” WhatsApp said in a statement.

“However, just like regular SMS or phone calls, it’s possible for other WhatsApp users who have your phone number to contact you.”

The company advised users to never give a password or SMS security code to anyone, not even friends or family, and to enable two-step verification for additional protection.

Singapore police warned last week of a scam spreading in the country that makes use of hacked WhatsApp accounts.

Targets receive a message from the account of a contact whose account has been hacked, telling them about an auction of gold bars that were supposedly seized by customs authorities.

The scammers send a fake invoice for the gold bars, which are supposedly being sold at 30 percent below the market rate, and instruct the target to make payments to a list of accounts.

Voicemail trick

Police also warned that hackers are using a voicemail verification scam to hack into WhatsApp accounts.

The attacker attempts repeatedly to log into the target’s WhatsApp account, after which WhatsApp prompts them to verify their account via a phone call.

The service then calls the legitimate user’s phone with a verification code. If the call isn’t picked up and voicemail is enabled, the automated service leaves the verification code on the user’s voicemail.

If the user hasn’t changed the default voicemail PIN, the hackers can then access the voicemail and use the verification code to hijack the WhatsApp account, Singapore police said.

They encouraged users to turn on two-step verification and to change their service provider’s default voicemail PIN code.

WhatsApp has also published an online guide for keeping accounts safe.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
