Police in the UK are warning WhatsApp users of a surge they have seen in attempts made by fraudsters to steal accounts.
In a tweet posted by Southwark Police in South London, for instance, officers warn that scammers are stealing accounts by tricking WhatsApp users to share verification codes they are sent via SMS.
The scam works like this. Whenever someone tries to register a WhatsApp account on a mobile phone they give WhatsApp a phone number. WhatsApp sends an SMS verification code to the mobile phone number they have been given, to verify that the number is active and that the user trying to register the account really owns the number.
However, a fraudster might contact a WhatsApp user – perhaps pretending to be WhatsApp customer support – and ask them to forward the six-digit verification code that has just been- or is about to be – received on the mobile phone.
Of course, you haven’t requested a verification code. Instead, a scammer has entered your phone number and requested a registration code – in an attempt to hijack your account.
On its website, WhatsApp warns that keeping your verification code secret is an essential part of securing your account:
You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.
Of course, if someone does manage to seize control of your WhatsApp account they will then be able to see any future messages you receive, and pretend to be you.
WhatsApp says that for this reason you should never share your verification code with anyone, even if they are friends or family.
“If you suspect someone else is using your WhatsApp account, you should notify family and friends as this individual could impersonate you in chats and groups. Please note, WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can’t read your past conversations.”
For a higher level of security on WhatsApp, you are advised to not only never share your six-digital registration code, but also enable two-step verification, restrict who can view your profile photo, and be cautious about transferring money with contacts unless you have confirmed their identity.
WhatsApp offers further advice on how to recover your account if it has been stolen from you, and recommends that you log out of all computers from your phone if you still believe someone might be using your account via WhatsApp Web/Desktop.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024