WhatsApp Scam Steals Account Login and Private Messages
Hackers are using native WhatsApp messages to scam account credentials from other users. The messages are branded to make it look like they come from WhatsApp tech support and ask the target to verify their account. If the user replies with the requested account information, their WhatsApp account may be hijacked, and all the private images and messages stolen. The scam was reported by British radio giant, Global Media.
In this WhatsApp scam, hackers attempt to trick users into sending them their account security PIN which is then used to take over the account. Once the malicious actor gains account access they can see all of the account details as well as the private images, videos, and messages. They will also be able to call or message anyone on your contact list.
This scam starts with a request for account verification. The hacker sends the target a message on WhatsApp claiming they accidentally sent an authorization code.
The scam message appears comes from the “WhatsApp Technical Team” in an attempt to fool the recipient into thinking it is an official communication. The sender uses the WhatsApp logo as their profile photo to add more credibility which increases the chances the victim will follow the instructions in the message.
The message then asks victims to verify their account identity by responding with their six-digit PIN code.
The goal is to get the target’s authorization code.
With the exception of general announcements for all users, WhatsApp doesn’t message users on the app. When they do a green verified indicator is visible.
WhatsApp never asks for your data or verification codes.
Does WhatsApp Have a Password?
No. WhatsApp does not use password to secure your account. But it does have two-factor authentication for both Android and iPhones. The account is registered to your phone. But if an unauthorized user gets your PIN code, they can hijack your account and see your contacts and private information. IT is best to protect your account with two-factor authentication.
How do I protect my WhatsApp account against scams?
Adding two-factor or multi-factor authentication helps to secure any online account.
How to Set up WhatsApp 2FA PIN Code
To protect your WhatsApp or any online account against scams, set up two-factor authentication (2FA) for your account. If someone gets into your account, they won’t be able to login without the PIN code. Also, you should attach your email address to your WhatsApp incase you forget your PIN code. You can change or disable WhatsApp PIN if you have provided an email address while setting up two-step verification.
If you want to take it one step further, add on a reliable device protection app, like Heimdal.
- Open WhatsApp on your phone
- Tap Settings
- Select Account
- Tap Two-Step Verification
- You’ll see a message which prompts you to select a six-digit PIN
- Enter your six-digit PIN
- Enter it again to confirm
- You will also be prompted to associate an email address with your account. This is another added layer of security you can use to secure your WhatsApp
Your six-digit security PIN number shouldn’t be shared with anyone.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers