Hackers are trying to get access to WhatsApp accounts after stealing the identities of their victims’ contacts. Here’s how it works and what to watch out for.
First, you’ll receive an unexpected but genuine text message from WhatsApp containing a verification code. This is usually triggered when logging into the app for the first time, when you’ve been logged out, or you’re trying to log into WhatsApp from a new device.
But in the case of this scam, fraudsters have entered your number into WhatsApp themselves to try to get access to your account, triggering the verification code text.
🚨How this WhatsApp scam works
1. You get text
2. Then a WhatsApp message from a friend asks you for the code. DO NOT SEND
Your friend's WhatsApp has been hacked – now you're the target!
If you share the code, the scammers will hack yours too.
Sign up for free scam alerts⬇️
— Which? (@WhichUK) April 1, 2021
Next, one of your WhatsApp contacts will message you via the app, usually with a story to try to persuade you to give them the verification code you’ve just received. They might say they’ve accidentally entered your number by mistake, for example.
Because the message seems to be from a relative or friend, a lot of people have been tricked into passing on the verification code, which then allows fraudsters to take over their accounts.
Once they’ve taken over, scammers might use your account in a few different ways.
What happens next?
We’ve heard that scammers have identified their victims’ closest contacts from their message history and have asked them for money or sensitive information.
They could also find out personal details about you and your contacts from your messages. This information could be used to access other important accounts, target you with more scams, or even blackmail you.
Scammers are likely to carry out the same trick with verification codes with the new set of contacts they’ve unlocked, gaining access to more and more accounts. A WhatsApp spokesperson told us:
“The safety and security of our users and their messages are really important to us. However, just like regular SMS or phone calls, it’s possible for other WhatsApp users who have your phone number to contact you.
We advise all users never to share their WhatsApp SMS verification code with others, not even friends or family. We also recommend that all users set up two-step verification for added security. For more information and resources on how to stay safe online visit our website”
How to keep your WhatsApp account safe
⚠ Don’t share your login details or verification code with anybody. Not your closest family or trusted friends.
⚠ Set up two-step verification to secure your account.
⚠ Be wary of WhatsApp messages requesting money, even if they come from your contacts. If you’re not sure, give the friend a quick call to check.
As always, if you think you may have given sensitive details, such as payment information, to fraudsters, let your bank know what’s happened immediately.
WhatsApp users who have lost access to their accounts can contact firstname.lastname@example.org.
Have you been targeted by this WhatsApp verification trick? Have you received any other suspicious messages through the platform? Let us know what happened.