Cyber criminals are once again targeting the popular WhatsApp service with a nasty scam that can leave users locked out of their private accounts. Worse still, this sinister attack also hands full access to your most private messages, and contacts list, over to hackers who can then use it to target more unsuspecting users. This new scam uses an old technic that’s been seen in the wild before and appears pretty successful.
Those tricked, will usually receive a message on their phone that appears to have come from a friend or contact (who has probably already been taken in by the scam).
Once the hackers know you are willing to respond they then target your phone and attempt to gain access to your chat account via WhatsApp’s security pin number.
It’s a pretty simple scam as whenever you upgrade your smartphone, WhatsApp will ask to verify your identity using your phone number before allowing you to access any chats backed-up to the cloud.
It’s this six-digit code that hackers need to get their hands on to gain access to your account. To verify the identity of the person trying to log into your WhatsApp, the Facebook-owned firm will send a randomly generated six-digit code in a text message to the phone number that’s registered with the account. Of course, this won’t go to the hackers, but will end up on your phone.
READ MORE: Exciting new WhatsApp feature officially revealed but it’s not as good as it first appears
Next, the hackers will send a text to you – making an excuse for the six-digit code being sent to you – and asking you to forward it on to them.
As soon as you send the code, WhatsApp believes that it’s a genuine attempt to login to your account and will enable the chat on the hackers’ smartphone.
As far as your contacts are concerned, the hackers are now you and can continue to send texts in your WhatsApp conversations, or group chats.
This scam was circulating earlier this year and now it’s been spotted again. Currently, it appears that WhatsApp users in India are the main target but it’s a good reminder to be on alert if you get a message asking you to forward on a pin number.
Speaking about the latest scam Ray Walsh, Digital Privacy Expert at ProPrivacy, said: “WhatsApp users need to be on the lookout for a worrying new scam that is allowing cybercriminals to hack into people’s WhatsApp accounts.
“Anybody who receives a message out of the blue with a one-time PIN code should be extremely wary because this is how the attack starts.
“Following the receipt of the unexpected OTP code, the hacker will send the victim a direct message claiming to be their friend or contact. They will then ask to be forwarded the code by claiming to have mistakenly sent it to them.
“That code is actually the two-factor authentication code for accessing the victim’s WhatsApp account, and once the victim forwards it to the hacker they will use it to hack into their account.
“Always be on the lookout for any text messages that contain an OTP code and never, ever forward or screenshot or otherwise pass those codes on to anybody, no matter how genuine they sound.”