Internet scammers are continuously stepping up to target a larger number of personal data and different accounts of unsuspecting internet users. WhatsApp may not be very easy to hack into but scammers have found a new workaround to the service’s end-to-end encryption to gain access to your account.
As per a report by Gulf News, the Telecommunications Authority of the UAE has issued an advisory on Twitter for WhatsApp users and warned that they should not reply to code verification messages unless it is triggered by the subscriber. Many WhatsApp accounts have been hacked through this method.
According to a report by TechRadar, this new attack is nothing out of the ordinary and it relies on phishing. Normally, when one installs WhatsApp on an Android or iOS device, WhatsApp sends a verification code to check if you are the owner of the phone number. In this case, however, the scammer is sending you a WhatsApp code and a link and not a six-digit verification code.
Clicking on the link sent by the scammer simply confirms on behalf of the scammer to WhatsApp that it is you. After the verification code is requested, WhatsApp just checks the sent code to confirm that it was indeed requested by you. In the case of this scam, scammers and other malicious parties use the URL just to confirm your identity to WhatsApp. This means that opening the link will inform WhatsApp that it was you who requested the verification code. By that way, you lose control of your WhatsApp account and the scammer can read and send messages on your behalf.
Also, scammers are now sending fake verification SMS messages to potential victims. You may think that WhatsApp may be sending the SMS messages for some security check but WhatsApp does not send any SMS messages to users after the initial verification when the user is setting the app in a new device. So, scammers are really trying to copy the first verification message as part of the scam.
As per a statement issued by the TRA to Gulf News, “Mobile users should not share the verification code that is sent to them by SMS, otherwise, their account will be compromised. Many WhatsApp accounts were hacked this way, and subscribers lost all their details.”
It is to be noted that this is not the first WhatsApp-centric fraud that has surfaced online. However, you don’t really have to worry as the method is not as simple or straightforward as it sounds. Though as of now this fraud has not yet been reported from India, we would suggest you, to follow the TRA advice of not sharing the verification code that is sent to you by SMS, to avoid into getting any such trouble.
