WhatsApp scam June 2021
WhatsApp is currently the world’s most popular messaging app, with over two billion active monthly users.
But, over the past few years there have been a plethora of convincing WhatsApp scams that have caught people out across the globe.
Currently, there is a scam circulating that sends people messages that appear to come from their genuine contacts, making it especially persuasive. This month, many WhatsApp users have reported becoming victim to this attack. One victim noted that they were embarrassed to have fallen for such a seemingly “simple” attack, emphasizing how important it is to double check everything you do on your mobile.
The WhatsApp hijack scam is a classic example of SMS phishing, whereby cyber criminals send text messages designed to steal your personal or financial information. This can be by getting you to download malware or fill out a malicious form. In this case, it’s by encouraging you to send money directly to them by impersonating a legitimate brand and contact.
What to look out for
If you receive an unexpected text message with a six-digit WhatsApp code, you could be a target for the WhatsApp hijack scam.
You will receive an unexpected code via SMS, despite the fact you haven’t initiated a request like this. It will appear as a genuine code that you might receive for verification purposes (e.g. when setting up a new account or logging into your existing account on a new device).
Next, you will receive a WhatsApp message asking for the six-digit code. This will appear to come from one of your genuine contacts, as their account will have already been hacked. Which is why you need to be extra vigilant.
One victim told the BBC, “I got a WhatsApp message from my good friend Michelle saying she was locked out of her account. She said she accidentally sent the access code to my phone instead of hers and could I just screenshot and send it over.”
Without realising, this victim had instead sent the access code to his own account across to the scammer, meaning they then had access to his WhatsApp account and personal information.
Once cyber criminals gain access to your account, they can exploit your friends and family by pretending to be you. They could, for example, pretend to be in an emergency and ask your contacts to send them money (but using their own bank details). They can also read your messages to gain more information about you and your social circle which can be used to devise more targeted cyber-attacks in the future.
How can I protect myself from SMS scams?
To protect yourself from SMS scams, WhatsApp recommend:
- Never giving a password or SMS security code to anybody, not even your friends or family.
- Enable multi-factor authentication for your work and personal apps to add an extra layer of protection.
- Be vigilant if you receive a message asking you for money, personal information, or a security code. If you’re in any doubt, just ring your friend or family member to double check.
WhatsApp has more information about this on their website.
As trusted technology experts, we support WhatsApp’s recommendations and would also suggest the following recommendations to combat all types of SMS phishing scams:
- Don’t reply to SMS messages from numbers you don’t recognise.
- Don’t share your login, personal, or financial details over SMS or any other form of instant messaging (genuine companies will never ask for sensitive information via text message).
- Check the language and communication style of all messages you receive, if they seem unusual, pause to think before replying.
- Be mindful of any messages with an immediate urgency placed on the action. For example, scammers will often impersonate genuine companies and inform you of overdue bills that need to be paid within a matter of hours. Genuine companies will give you a significantly longer period to pay any overdue balances and will follow up over the course of a few weeks/months.
- If you’re unsure about any messages, ring the contact directly. If you’re in a rush, don’t act impulsively, wait until you have time to fully review the message and deduce whether it’s genuine.
- If you ring the contact and they don’t pick up, find another way to verify their identity before giving away any confidential information.
- Be vigilant and try to keep up to date with the latest scams so you know exactly what to look out for.
What to do if you’re a victim of the WhatsApp scam
1. Inform your bank
If you realise shortly after you’ve transferred any money, you may be able to reverse the payment. This will depend on your bank and the stage of the transaction, but regardless it’s important to ring your bank and inform them of what’s happened immediately.
Letting your bank know as soon as possible will improve your chances of getting your money back. And even if you are unable to regain access to your money, they will likely put extra provisions on your account to protect you from fraud in the future.
2. Report it to the police
It’s critical that you report the scam to the police or relevant agency in your country of residence. In the UK, it’s important to contact Action Fraud, they will be able to advise you on the specific scam and use the information you provide to help prevent these scams occurring in future.
3. Report it to WhatsApp
Tell WhatsApp about the scam, show them the messages you received and give them as much detail as possible. This will help them warn other WhatsApp users in future. This can be done very easily within the app itself:
- Android: WhatsApp app > More options (the button in the top right with three dots on top of each other) > Settings > Help > Contact Us
- iPhone: WhatsApp app > Settings > Help > Contact Us
We hope you found this useful and urge you to follow the advice above to protect yourself from SMS scams. For more information on how to protect your business, you can download our cyber security eBook now.
Trending eBook: Cyber Security
The increase in remote working has led to a dramatic rise in cyber-attacks. Get your free eBook now to learn:
- Cyber security trends in 2021
- The major threats to your security
- How to keep your devices, email, and employees secure
- Our 5 top tips for protecting your business