With more than two billion active monthly users around the world, WhatsApp is by far the most popular messaging app. Unfortunately, since its creation 12 years ago, the app has been no stranger to convincing scams and SMS phishing attacks.
The scam itself is fairly simple and unfortunately has been around for years. When you first install WhatsApp on a new device, the platform will then ask for the phone number of the account. When you enter the phone number, you will then receive a text message giving you a one-time code. Once the correct code is entered, the phone will begin to receive WhatsApp messages. With this hack in particular, the attacker uses an already hijacked account to contact a victim’s friend/family. In their message, the attacker commonly tells the victim’s contact that they are having issues receiving a six-digit code, and as a result had it sent to them instead and to please send it back. That six-digit code is the WhatsApp verification code for the new victim, and by sending it to their friend/family they are actually sending it to the attacker. Once done, their own WhatsApp is hijacked!
The hijacker can message your friends/family and pretend to be you with your stolen account. A common trick is pretending that you are having a crisis and asking your contacts to send money. It also gives the hijacker your contacts' phone numbers, so they have the opportunity to continue to try the six-digit code trick with new victims. By hijacking your account, the scammer will also remain in any group chats that you are included in, where they could potentially see sensitive information.
According to WhatsApp, users must remain vigilant and not share the One Time Password (OTP) or SMS security code Users must remain vigilant and under no circumstances share the One Time Password or SMS security code with anybody, according to WhatsApp. For extra protection, users can also enable two-step verification to ensure complete safety. Finally, users must contact their friends or family members if they have received any suspicious messages on WhatsApp. WhatsApp has asked users to report any messages received from an unknown number in a guide you can view on their website.