WhatsApp Phishing: OTP scam in progress against thousands of users! WhatsApp has completely changed the way users communicate. More than 2.000 million people use the service. However, it is important to keep your account protected. When a platform gathers so much information about the user and his contacts, cyber criminals will try to take advantage of the accounts.
Caution! Stolen WhatsApp accounts are on the rise.
According to recent reports, criminals are trying to deceive users with a new six-digit fraud. Note that in the recent past we have encountered similar scams in the messaging service.
How the hacker deceives you
In this particular scam, the hacker, who in previous scams pretended to be one of the contacts he had hacked, downloads the WhatsApp application to smartphone of and enters the phone number of the account he wishes to steal. Then the messaging application sends a six-digit verification code via SMS. In this way, the application ensures that the person requesting access is the real owner. These digits - unless the smartphone has previously been infected with malware- are not available to the hacker.
Then all the criminal has to do is cheat the legal account holder to share information. What it does is send one WhatsApp message to the victim as a friend, collaborator, acquaintance. In it, she tells him that she accidentally sent him an SMS with six numbers and asks him to promote it to himj. Specifically, the fraud message states:
"Hello, I'm sorry, I sent you a 6-digit code SMS by mistake, can you send it back to me? It is urgent." (Hi I'm sorry, I sent you a 6-digit code by SMS by mistake, could you pass it on to me please? Urgent)
As it is a request from a person who trusts the victim, it is easy to fall into the trap and end up revealing sensitive data and personal information. It is a big risk, both for the user and for the rest of their contacts.
Essentially, through social engineering, the scammer can gain access to very sensitive information through victims' contacts, such as passwords for other services; social media codes, passwords for electronic bank accounts, etc.
The specific attack has already begun to take place in Greece. More than 60 SecNews readers (who do not wish to be identified) shared the fact that in recent days they have received messages such as the following from their known contacts:
Tech Support fraud
The six-digit fraud is just one example countless scams used by cyber criminals to steal a WhatsApp account. In recent months, a campaign in which the invaders pretend WhatsApp technical team has managed to trick many users into falling victim to hackers.
The hackers communicate with the victim on the pretext that someone recently connected to WhatsApp with their own phone number. To verify that the person you are talking to is the owner of this account, they are asked to send them a security code again which they will receive in a few minutes via SMS. If the victim sends this code, which is the platform verification code, he completely loses control of his account and gives his username to the intruders.
What is WhatsApp OTP Scam?
Hackers can contact you via SMS or any other way, pretending to be your friends or relatives and will tell you that their WhatsApp account has been logged out by mistake and they need your help. They can claim that they do not receive OTP as they have logged out of their WhatsApp account and sent it to your number.
If you tell the password to the hacker, your account will be logged out. The attacker will then have access to your account and all your personal messages.
What happens in case of account breach?
The hacker can send messages to your friends / relatives and can also request money pretending to be you.
What should you do if this happens?
If you have been the victim of this scam, you should immediately restore WhatsApp and log in again.
How to avoid fraud?
The rule is to never share your OTP or personal information with anyone, not even with your closest relatives or friends. Always call and confirm if you have any doubts.
Also, the WhatsApp never sends OTP unless prompted. The application also has a two-step verification process.
We inform both the authorities and our readers that because the attack is currently underway, everyone must be vigilant.
NEVER send reset codes that have come to our mobile phone to third parties and we do NOT click on recovery links !!