The Delhi Police Cybercrime division is alerting WhatsApp users to be careful about a new type of scam which involves hijacking of WhatsApp accounts. The scam involves taking over someone’s WhatsApp account so that it can be used to communicate with friends and family members of the victim in order to carry out financial transactions. Delhi Police in a series of tweets said that the fraudsters simply aim to lock out users by using WhatsApp’s two-factor authentication. Here is everything you must know about this
Scamsters pose as WhatsApp technicians and ask for verification PIN from the victim
Delhi Police explained, attackers obtain WhatsApp verification PIN from target using a fake account with official WhatsApp logo as display picture to trick users into believing that it is the official account of WhatsApp tech team.
Scamsters reach out to victims over WhatsApp chats from fake IDs
The attacker creates a fake account with the official WhatsApp logo as a display picture posing to be WhatsApp technical team’s account.
A message is sent to the victim for WhatsApp verification
The scamster tries to login to the victim’s WhatsApp account
“The target is easily tricked when they see the message coming from an account appearing to be the official team account and share the PIN. In reality, the attacker is trying to login from his/her device into the target’s WhatsApp user account to hijack the account,” explained Delhi Police.
The moment the victim shares verification PIN, his WhatsApp account gets hijacked
“If the target divulges the PIN to the attacker, the account gets hijacked. The attackers can then leverage their access to the hijacked account to further send fraudulent messages to friends and family of the target, asking for money, PIN, OTP, etc,” said Delhi Police.
Never share verification code sent with anyone for any reason whatsoever
Activate two-step verification in WhatsApp and other social media accounts
It is advisable to activate ‘two-step verification’ for social media accounts. This will enhance the security of your account and even if the attacker gets access to verification code, a password will still be needed to successfully log into the account.
Representatives of WhatsApp or any other social media apps will never ask for verification PINs
Never respond to personal messages asking for PIN or any other sensitive personal information. Social media or messaging Apps do not send such messages
Immediately re-verify your WhatsApp account if you have shared PIN with anyone