A formidable scam is currently rampant on WhatsApp. It allows hackers to take over your account and all associated data through a message appearing to come from… WhatsApp itself!
With more than 2 billion users worldwide, WhatsApp is a prime target for cybercriminals. Many scammers use the famous messaging service to run scams aimed at stealing personal data, hacking devices or, more simply, extracting money. Although WhatsApp is renowned for its high level of security, one loophole remains that cannot be closed: you. Through social engineering techniques, cybercriminals are able to gain access to your account. Examples include false security warnings and fraudulent six-digit code text messages. This time, with this new scam, hackers are sending phishing SMS messages with the same phone number that WhatsApp uses to send its confirmation codes, as reported by a user on Reddit.
WhatsApp scam: fraudulently obtaining the verification code
The message really does appear to come from WhatsApp itself: the device displays the phishing messages under the instant messenger's official number, in the same thread as genuine SMS messages sent previously. The name "WhatsApp" does indeed appear as the sender. This gives the message a certain authenticity, because the alleged sender has already proven trustworthy through past messages.
The message, of course, contains a link, which leads to a fake WhatsApp page with a rather talkative chatbot. The chatbot "guides" the victim through a "verification process" that is actually used to gain access to the WhatsApp account. To do this, scammers take advantage of the pairing between the smartphone and the browser.
Each time you set up WhatsApp on a new device, the instant messenger sends a text message with a one-time six-digit code, which must be entered in the application to identify yourself on the device in question. By entering this code as instructed by the chatbot, the victim gives the scammers full access to the WhatsApp account. The scammers can then read all messages and send messages themselves in the victim's name in order to obtain other personal data.
To avoid being fooled, activate two-factor authentication by going to "Settings", then "Account", then "Two-step verification", and finally "Activate". This adds an extra layer of protection. It is also worth checking in the WhatsApp menu, under "Linked devices", which devices currently have access to the WhatsApp account, and removing any that are no longer actively used. In any case, you should never share your account activation code, the six-digit code described above. Finally, do not respond to unwanted messages; block their sender instead. To do this, simply press and hold the message bubble, select "Report" and follow the instructions that appear.