Protecting yourself against scams on WhatsApp (22nd October, 2020)

WhatsApp usage has increased tremendously in recent times, but unfortunately, so has cyber-crime and hacking.

Cybercriminals are using a social engineering technique to trick WhatsApp users into handing over the keys to their account. The scam has been around for quite some time but has now resurged, possibly due to the COVID-19 pandemic, which has increased reliance on messaging apps.

How does it work?

Your WhatsApp account is linked to your mobile phone number. When you install the application on your mobile device, the app does not know the cell number attached to that device. Instead, you are prompted to enter your phone number and you are then sent a code via SMS. Because of the reliance on this SMS system, WhatsApp can be linked to a different number than the phone it is installed on. This creates a security vulnerability that cybercriminals have been exploiting.

Exploiting this, the attacker sends an SMS to the victim while pretending to be a friend or contact. The attacker claims to be struggling to verify their own WhatsApp account and asks whether the authentication code can be sent to the victim's phone instead. What victims do not know is that the authentication code is for their own account. Many victims have fallen for this scam because they think they can trust the person they are talking to. Once inside a victim's account, the attacker may ask for money or steal personal information, such as the contact information of the victim's friends. The attacker can then send the same request for an authentication code to contacts who know and trust the victim, an approach that is much more likely to succeed than an SMS from a random unknown number.

How to Protect Yourself from this scam?

  • Never give out six-digit authentication numbers to anyone, even if the other person appears to be someone you trust.
  • Activate two-step verification for your WhatsApp account. This adds a layer of protection: even if someone gets hold of your six-digit number, they will still need an extra password. To set this up, open WhatsApp and click on “Settings”, then “Account”, and then “Two-Step Verification”. You will be prompted to enter a six-digit PIN, which you will be asked for whenever you register your phone number with WhatsApp. Choose your PIN and click “Next” to save it. Do not share this PIN with anyone, and make sure you remember it. WhatsApp will periodically ask you to enter the PIN when you open the application, both as a security measure and to help you remember the code. You will also be given the option to set up a backup email address. For more information on account security, please visit: https://faq.whatsapp.com/general/security-and-privacy/account-security-tips/
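The difference two-step verification makes to this scam can be seen in a small simulation. This is an added example, not part of the original advisory and not WhatsApp's actual protocol: the `RegistrationService` class, the phone number and the PIN are constructed, and the model covers only the steps described above (an SMS code sent to whatever number is entered, plus an optional PIN).

```python
import secrets


class RegistrationService:
    """Toy model of phone-number registration; not WhatsApp's real protocol."""

    def __init__(self):
        self.pending = {}    # phone number -> SMS code awaiting confirmation
        self.pins = {}       # phone number -> two-step verification PIN
        self.owner = {}      # phone number -> device currently holding the account
        self.sms_inbox = {}  # phone number -> last SMS delivered to that SIM

    def request_code(self, number):
        # Anyone can type any number; the code always goes to that number's SIM.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[number] = code
        self.sms_inbox[number] = code

    def enable_two_step(self, number, device, pin):
        if self.owner.get(number) != device:
            raise PermissionError("only the registered device can set a PIN")
        self.pins[number] = pin

    def register(self, number, device, code, pin=None):
        expected = self.pending.get(number)
        if expected is None or not secrets.compare_digest(expected, code):
            return "rejected: wrong SMS code"
        stored = self.pins.get(number)
        if stored is not None and (pin is None or not secrets.compare_digest(stored, pin)):
            return "rejected: two-step PIN required"
        del self.pending[number]  # codes are single use
        self.owner[number] = device
        return "registered"


def simulate(two_step_enabled):
    """Return (device holding the victim's account, attacker's result)."""
    svc, victim = RegistrationService(), "+10000000001"  # constructed number
    svc.request_code(victim)
    svc.register(victim, "victim-phone", svc.sms_inbox[victim])
    if two_step_enabled:
        svc.enable_two_step(victim, "victim-phone", "493817")  # constructed PIN
    # The attacker enters the victim's number on their own device...
    svc.request_code(victim)
    # ...and the victim is talked into passing on the SMS they just received.
    leaked_code = svc.sms_inbox[victim]
    result = svc.register(victim, "attacker-phone", leaked_code)
    return svc.owner[victim], result
```

Without the PIN, the leaked SMS code alone moves the account to the attacker's device; with it, the same leaked code is rejected and the account stays on the victim's phone.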

Hoax Messages

Another scam circulates in the form of hoax messages. These are messages sent by an unauthorized third party rather than by WhatsApp. Unwanted messages from unauthorized third parties may come in several forms, such as spam, hoax, or phishing messages. These messages are designed to deceive users and prompt them to act in a certain way.

How to identify Hoax messages?

You may be the target of a devious scheme if any of the following describes messages you have received on WhatsApp or email:

  • The sender claims to be a representative of WhatsApp.
  • The message includes instructions to forward the message to others.
  • The message threatens account suspension or other punishment if you do not forward the message to others.
  • The message promises a reward or gift from WhatsApp or another person.

How to protect yourself from Hoax Messages?

  • Block the sender and delete the message. For more information on blocking an account, visit https://faq.whatsapp.com/android/security-and-privacy/how-to-block-and-unblock-a-contact
  • Never give personal or account information to anyone. WhatsApp will never ask you for account details and is very unlikely to send you any messages directly.
  • Never share or forward messages that fit into the categories described above.
  • Never click on links in unsolicited messages. If you receive a link from a trusted contact, call them to verify that they sent the link and ask them what it is about.
