Internet scammers are continuously stepping up their game to target a larger number of personal data and different accounts of unsuspecting internet users. Continuing with this trend, a new report has indicated that scammers are now targeting WhatsApp accounts of users with a new method of attack. It also stated that the actual method seems to be actually working as a number of users have reported the attack after they were locked out of their accounts. It is worth noting that this is not the first WhatsApp-centric fraud that has surfaced online. However, you don’t really have to worry as the method is not as simple or straightforward as it sounds.
According to a report by TechRadar, this new attack is nothing out of the ordinary and it relies on phishing. To simplify, the success of the method relies on fooling WhatsApp users into clicking a website link. To do this, scammers are now sending fake verification SMS messages to potential victims. You may think that WhatsApp may be sending the SMS messages for some security check but WhatsApp does not send any SMS messages to users after the initial verification when the user is setting the app in a new device. So, scammers are really trying to copy the first verification message as part of the scam.
Watch: Android Q First Look
The fake verification SMS messages do not come with a verification code. Instead, the message contains a fluke WhatsApp code along with a link to the website. One may think how can scammers take control of their WhatsApp account with the help of just a URL. To do that, one must understand that the verification code for the initial WhatsApp setup can be requested by anyone.
After the verification code is requested, WhatsApp just checks the sent code to confirm that it was indeed requested by you. In the case of this scam, scammers and other malicious parties use the URL just to confirm your identity to WhatsApp. This means that opening the link will inform WhatsApp that it was you who requested the verification code. The information about the scam was initially reported by Gulf News after Telecommunications Regulatory Authority of the UAE issued an advisory on its official Twitter handle. As part of the advisory, TRA asked WhatsApp users to not share any verification code that is sent to them using SMS.