WhatsApp

Watch out for WhatsApp “Verification SMS” scams.

Scammers are tricking WhatsApp users into handing over SMS verification codes sent to their phones in a bid to trick them into handing over control of their accounts. This is how the scam works.

WhatsApp is a mobile messenger app that you install on your phone, allowing you to send text messages and even made audio and video calls.

However, unlike most other apps you have an account with, WhatsApp doesn’t do passwords. Eek! Instead, when you set up WhatsApp on your device, you enter your phone number during the installation process and WhatsApp sends you a six digit code via SMS for you to type in. And that’s all that’s needed to confirm your WhatsApp account and register it to that phone number. (Unless you enable 2FA. More on that later.)

This makes WhatsApp particularly vulnerable to SMS Verification scams. This is where crooks enter a potential victim’s phone number when installing the app, and then persuade that victim to send over the SMS verification code that gets sent to their phone.


Sponsored Content. Continued below...




This scam is extremely successful when crooks gain access to the WhatsApp accounts of that victim’s contacts.

Below is how this scam would work to try and target your WhatsApp account.

1. The scammer gains control of one of your friend’s WhatsApp accounts (possibly by using this same scam or a different one. Either way, they can now send messages to you posing as your friend.)

2. The scammer installs WhatsApp on a new device. As they do they enter your phone number when installing the app.

3. This triggers a [legitimate] confirmation SMS to be sent to your phone by WhatsApp. (see below.)

4. The scammer, posing as your friend, sends a message to you via WhatsApp claiming they sent the verification number to you by mistake and asks you to give it to them. (The particular story they use can vary.)

5. Once you provide the SMS code, you’ve given the scammer exactly what they need to finish the installation and now log into WhatsApp using your account. While the scammer cannot read previous messages (they’re stored, encrypted, on your phone) they can send messages to your contacts pretending to be you.


Sponsored Content. Continued below...




How to avoid the WhatsApp SMS Verification Scam

Firstly, if you get a WhatsApp SMS verification code sent to your phone, never give it out to anyone. Not even your “friends”. SMS codes sent to your phone number are relevant only to you and your account. There is no reason why anyone else – friends or strangers – would need that number from you.

Secondly, while WhatsApp do not support account passwords, you can enable two-factor authentication, which acts in a very similar way. This will allow you to set up a custom PIN number that will need to be entered anytime someone attempts to register WhatsApp to a device using your phone number. Not only will someone need the SMS code, but they’ll also need that PIN number as well. (Set it up by: Clicking the three dotted icon, then Settings, then Account, then Two Factor Verification.)

Remember, stay safe out there.

Share
Published by
Craig Haley