The recent surge in WhatsApp code phishing scams poses a serious threat to users in Ireland. This article breaks down the scam step-by-step and offers practical solutions to protect yourself.
Click to play
Understanding the Scam
Step 1: Initial Contact
Scammers first compromise the WhatsApp account of someone in your contact list. They may do this through various means, such as hacking or social engineering. Once they gain access, they can impersonate that contact.
Step 2: The Verification Code Request
The scammer enters your phone number into the WhatsApp login screen, prompting WhatsApp to send a six-digit verification code to your phone. Simultaneously, the scammer contacts you, posing as your friend or family member, claiming they mistakenly requested the code and need your help.
Step 3: The Urgent Plea
Creating a sense of urgency, the scammer pressures you to share the verification code, often making it seem like an emergency. Victims, believing they are assisting a loved one, may share the code without hesitation.
Step 4: Account Takeover
Once the scammer receives the verification code, they can access your WhatsApp account. This allows them to lock you out and use your account to target your contacts, perpetuating the scam further.
Consequences of the Scam
Victims of this scam face several risks:
- Loss of Access: Scammers can lock you out of your own account.
- Further Exploitation: Compromised accounts can be used to defraud friends and family.
- Financial Losses: Victims may unwittingly facilitate financial scams against their contacts.
Solutions and Preventative Measures
1. Keep Your Verification Code Private
Treat your WhatsApp verification code like a password. Never share it with anyone, as WhatsApp will never ask for it directly.
2. Enable Two-Step Verification
Activate two-step verification in WhatsApp settings (Settings > Account > Two-step verification > Enable). This adds an extra layer of security by requiring a PIN in addition to the verification code when accessing your account.
3. Be Wary of Urgent Requests
Always verify unusual requests from contacts through a phone call or another trusted method before responding. Scammers often create a false sense of urgency to manipulate victims.
4. Report Suspicious Activity
If you receive suspicious messages or encounter unknown accounts, report them within WhatsApp. Press and hold on the message bubble, select ‘Report,’ and follow the instructions.
5. Stay Informed About Scams
Regularly educate yourself about new scams and tactics used by fraudsters. Awareness is key to prevention.
6. Contact Support if Compromised
If you suspect that your account has been compromised, contact WhatsApp support at support@whatsapp.com and report unauthorized access to local authorities like An Garda SÃochána.
If your WhatsApp account has been compromised, follow these steps to regain access:
1. Re-register Your Account: Open WhatsApp and enter your phone number. A six-digit verification code will be sent to you via SMS.
2. Enter the Verification Code: Input the code to log back into your account. This action will automatically log out anyone else currently using your account.
3. Check for Two-Step Verification: If prompted for a two-step verification PIN that you didn't set up, it means the hacker enabled it. You'll need to wait seven days before you can log in without the PIN.
4. Secure Your Account: Once you've regained access, enable two-step verification in WhatsApp settings for added security.
5. Contact Support: If you encounter issues, email WhatsApp support at support@whatsapp.com, detailing your situation.
6. Notify Contacts: Inform your contacts about the breach so they can be cautious of any suspicious messages coming from your account.
For more details on recovering a hacked WhatsApp account, visit https://faq.whatsapp.com/1131652977717250
Conclusion
As highlighted by reports from Irish media and advisories from the National Cyber Security Centre (NCSC), vigilance is essential in combating WhatsApp phishing scams. By understanding how these scams operate and implementing robust security measures, users can significantly reduce their risk of falling victim to these deceptive tactics. Stay safe and always think twice before sharing sensitive information online.
Contact me if you have issues https://www.mchugo.com/contact-us
Thanks
Colin
References
[1] FRAUD ALERT - WhatsApp account takeover scam - Lodge Service https://lodgeservice.com/fraud-alert-whatsapp-account-takeover-scam/
[2] Warning over rise of WhatsApp hacking scams https://www.rte.ie/news/2024/0828/1467144-warning-over-rise-of-whatsapp-hacking-scams/
[3] [PDF] NCSC Advisory https://www.ncsc.gov.ie/pdfs/2408200156_WhatsApp_Scam_Advice.pdf
[4] How scammers gain access and hack your WhatsApp account and what you can do to protect yourself https://www.bitdefender.com/blog/hotforsecurity/how-scammers-gain-access-and-hack-your-whatsapp-account-and-what-you-can-do-to-protect-yourself/
[5] 13 WhatsApp scams to know and avoid in 2024 - Norton https://ie.norton.com/blog/online-scams/whatsapp-scams
[6] 5 Examples of Dangerous WhatsApp Phishing Attacks - PhishGrid https://phishgrid.com/blog/whatsapp-phishing-attacks-awareness/
[7] New WhatsApp Scam Uses Call Forwarding Social Engineering to Hijack Accounts https://blog.knowbe4.com/new-whatsapp-scam-uses-call-forwarding-social-engineering-to-hijack-accounts
[8] How to protect yourself from suspicious messages and scams https://faq.whatsapp.com/573786218075805
Comments