Skip to main content

How to avoid the latest WhatsApp scam that aims to hijack your account

WhatsApp
(Image credit: Shutterstock)

Fraudsters are using a social engineering trick to fool WhatsApp users into handing over the keys to their accounts.

As Zak Doffman of Forbes explains, the scam has been around for some time, but has seen a recent resurgence, possibly due to increased reliance on messaging apps during the coronavirus pandemic. 

The attack can take two forms, both of which rely on tricking the user rather than compromising the app itself. In the first type of attack, you receive an SMS from a person claiming to be a friend or contact. The person claims to be struggling to verify their own WhatsApp account, and says the authentication code will be sent to your phone instead.

Of course, the verification code sent to your phone is for your own account, and together with your mobile number, allows the crook to log in as you on their own device, access your conversations, and send messages posing as you.

The attacker can then send the same request for a verification code to contacts who know and trust you – an approach that's much more likely to be successful than an SMS from a random unknown phone number.

Be alert

Now, attackers have found a more convincing way to trick you into parting with your login details: sending messages purporting to be from WhatsApp itself.

The new form of attack was first reported by WABetaInfo on Twitter, after a user queried a strange-looking message that appeared to originate from the company.

See more

As WABetaInfo notes, WhatsApp and its partner company Facebook will never ask for your account details, and are very unlikely to send you any messages directly.

It's also wise to protect your account by enabling two-step verification, which prevents any attempts to log into your account on a new device without also entering a six-digit PIN that you have created yourself. Find out how to set it up now.

Cat Ellis

Cat Ellis (@CatEllisTech) is the fitness and wellbeing editor at TechRadar. She's been a technology journalist for 11 years, and cut her teeth on magazines including PC Plus and PC Format before joining TechRadar. She's a trained run leader, and enjoys nothing more than lacing up her shoes and hitting the pavement. If you have a story about fitness trackers, treadmills, running shoes, e-bikes, or any other fitness tech, drop her a line at catherine.ellis@futurenet.com.