Your WhatsApp account can be stolen with this nasty trick
From posing as friends and acquaintances, scammers have moved to posing as the WhatsApp support team
In April this year, a WhatsApp vulnerability let bad actors hijack your account if they knew your phone number and could take a glance at your screen. Hackers were also targeting you through family and friends’ accounts by asking you to share a verification code.
In the second case, these hackers would pose as someone you know and pretend to have lost access to their account. Then they would tell you that they are going to use your number to reactivate their account and ask you to share a verification code you have received. If you fell for this and shared your code, you would immediately lose access to your own WhatsApp account.
Essentially, these scammers were using your phone number to log into WhatsApp from another phone. If you are already logged into your account on one device and try logging in on another, WhatsApp will send you a verification code, since your account is tied to your number, not your device. The scammers were convincing people to share these codes with them. Once that was done, they would log into WhatsApp using your number.
There were ample warnings about this scam, and it now seems hackers have evolved their modus operandi and no longer even need to know your phone number.
Posing as WhatsApp’s Support Team, hackers are reportedly sending messages to WhatsApp users saying that they have found someone else trying to register a WhatsApp account using the user's number. The message then adds that the user has been sent an identification request via SMS.
WhatsApp’s two-factor authentication (2FA) uses a six-digit code that is sent to the user’s account to verify that the owner has requested a number change or is shifting devices. This code shows up by default on the screen the very moment it is sent, so if anyone can see your screen, they can see the code and steal your account.
The new twist in the scam doesn’t even need anyone to take a look at your screen, since the scammers are looking to convince you to hand over the code yourself. To add pressure, the message also says that if you do not verify, your account will be indefinitely suspended.
This is #FAKE. WhatsApp doesn't message you on WhatsApp, and if they do (for global announcements, but it's soooo rare), a green verified indicator is visible. WhatsApp never asks your data or verification codes. @WhatsApp should ban this account. 😅 https://t.co/nnOehPL8Ca
— WABetaInfo (@WABetaInfo) May 27, 2020
How to avoid this?
The easiest way to avoid this is to set a PIN on your WhatsApp account. Go to WhatsApp settings on your phone, tap Account and then tap Two-Step Verification. Create a six-digit PIN. You will be asked to enter this PIN if you move your WhatsApp account to a new phone.
And, don’t share your PIN or code with anyone.