One of the worst WhatsApp scams to hit the messaging service is making a comeback and it’s a threat that every user of this popular chat app needs to be warned about. This attack first reared its ugly head late last year with users targeted by a fake text message that claimed to be from a friend needing some help with a six-digit passcode. Now users are being targeted once again with social media full of WhatsApp fans saying they have been duped by the scam which, once again, seems to be flooding chats.
Posting on Twitter one WhatsApp user said, “3 members of my family have lost access to their WhatsApp this morning! Hackers send a text message from WA with a verification code, then a WhatsApp text from someone you know saying they desperately need the code. DO NOT SEND THE CODE OR CLICK THE LINK.”
So how does it work and what do you need to watch out for?
The new message which is doing the round is simple but highly effective. It all starts with a message, that appears to be from a friend or contact, which says, “Hello, sorry, I sent you a 6-digit code by mistake, can you pass it to me please? It’s urgent?”
That may seem harmless enough but it’s a clever way of accessing your account. Now, you might not be aware but whenever you upgrade your smartphone, WhatsApp will ask to verify your identity using your phone number before allowing you to access any chats backed up to the cloud. It’s this six-digit code that hackers need to get their hands on to gain access to your account.
READ MORE: Sky TV, NOW and Roku users get extra content to watch this week for free
To verify the identity of the person trying to log into your WhatsApp, the Facebook-owned firm will send a randomly generated six-digit code in a text message to the phone number that’s registered with the account. Of course, this won’t go to the hackers, but will end up on your phone.
People often see this code appear on their device, then get the text from the “friend” asking for it. Without even thinking they then forward it on completely unaware that they are actually handing over full access to their account and chats.
To show how easy it is to be duped, Jeremy Vine revealed last year that he had fallen foul of it. In a tweet, the Radio 2 presenter warned his listeners to be on alert for the trick – which left him locked out of his WhatsApp and allowed cybercriminals to use his contact list to target more people.
Speaking about the scam Ray Walsh, Digital Privacy Expert at ProPrivacy, said: “WhatsApp users need to be on the lookout for a worrying new scam that is allowing cybercriminals to hack into people’s WhatsApp accounts. Anybody who receives a message out of the blue with a one-time PIN code should be extremely wary because this is how the attack starts. Following the receipt of the unexpected OTP code, the hacker will send the victim a direct message claiming to be their friend or contact. They will then ask to be forwarded the code by claiming to have mistakenly sent it to them.
“That code is actually the two-factor authentication code for accessing the victim’s WhatsApp account, and once the victim forwards it to the hacker they will use it to hack into their account. Always be on the lookout for any text messages that contain an OTP code and never, ever forward or screenshot or otherwise pass those codes on to anybody, no matter how genuine they sound.”
This post originally appeared on Daily Express :: Tech Feed