WhatsApp scam tries to steal your account: how to avoid it

WhatsApp is a hunting ground for crooks looking to swindle your PIN

WhatsApp
(Image credit: BBC.com)

While WhatsApp scrambles to salvage its image after a tumultuous couple of weeks, there's been an uptick in scams affecting the platform. Fraudsters are always inventing new ways to gain access to your details, but this is a return to the ways of old. 

The verification code scams do without the bells and whistles of more complex attacks, opting to hijack your phone's verification code. What may seem like an innocent message from WhatsApp, could be a wolf in sheep's clothing trying to brazenly dupe you.  

It’s a riff on the classic login code scam, in which the ne’er-do-well poses as WhatsApp. All new phones get a one-time WhatsApp code via SMS that must be entered to activate the service, and to start receiving messages. 

A new rendition of the scam is doing the rounds, originating from the so-called ‘WhatsApp Technical Team’. T3 recently covered the mass exodus from WhatsApp to other end-to-end encrypted platforms, spurred by changes to its privacy policy.

The scam works as follows: using an already hacked WhatsApp account, the crook-in-disguise reaches out, claiming to have mistakenly sent you an authorisation code – in reality, they’re seeking your own login code. The scam is one of the oldest tricks in the book, but appears to have credibility due to it seemingly originating from WhatsApp itself. 

Of course, the easiest way to repel these attacks is to never disclose your six-digit PIN; however, there are a few simple ways to boost your defences without drowning in the world of security lingo.

Enable two-step verification

Two-step verification is the first and last line of defence, propping up your app security without needing any expertise. It'll give you a unique PIN – not the same one as your activation PIN – that is an additional layer of security.

It's an optional feature, but one that T3 advises everyone to use. You can enable two-step verification from the settings menu. It's also a good idea to have a recovery email address, as it allows you to regain access should you lose your code. 

The most important thing to remember is that you must never disclose these codes to anyone, for any reason. WhatsApp won't ask for them, there is no legitimate reason to share them with anyone - so please don't. To enable this feature, you can follow the steps below:

  • Open WhatsApp Settings
  • Account > Two-step verification > Enable
  • Enter a six-digit PIN of your choice and confirm it
  • Provide an email address you can access or tap 'Skip' if you don’t want to add an email address. We recommend adding an email address as this allows you to reset two-step verification, and helps safeguard your account.
  • Tap Next.
  • Confirm the email address and tap Save or Done.

Turn on security notifications

This may seem like an obvious one – and there certainly isn't any formal treatise on the topic – but go and switch those notifications on.

This can be activated from the main security menu: a small green toggle, which when flicked to 'on', will ping a message to your phone any time a contact's security code has changed. It's a useful trick to stay abreast of any changes that might otherwise fly under the radar.

Remove cloud backups 

And, so, this one feels quite pertinent: opting to turn off WhatsApp backups to iCloud or Google Drive is a good way to boost security, as well as privacy. End-to-end encryption is great, unless your backups are retrievable in an unencrypted form. Disabling this option should help reduce any chance of your conversations being compromised. 

Ultimately, the aim is to stop these criminals accessing to your account or personal data in backups, stopping them accessing your contacts, and delving further into the inner sanctums of your messages. This can lead to further nefarious activity, including more serious identity theft.

T3 reported has reported on WhatsApp hacks before, but this new scam has resurfaced with a vengeance, as scammers look to capitalize on the uncertainty around WhatsApp’s recent news coverage. The problem with these scams is that it opens up more attack vectors for the criminals, as they look to exploit your contacts.

If you're unsure on where you stand with WhatsApp, then it's also worth checking out our WhatsApp alternatives: a who's who of privacy-focused messaging platforms to help your data stay secure. In the meantime, it's always worth checking-in with friends, especially if their messaging activity raises any red flags.

Source: Business Insider India