A.P C.I.D, Cyber Crimes Alert on WhatsApp Account Hijack Scam- issued by Ministry of Home Affairs.
- The attacker creates a fake account with the official WhatsApp logo as their display picture posting to be WhatsApp technical team’s account.
- The attacker then sends a message to the target asking him/her to share the six-digit verification PIN to verify their identity.
- The target is easily tricked when they see the message coming from an account appearing to be the official team account and share the PIN.
- In reality, the attacker is trying to login from his/her device into target’s WhatsApp user account to hijack the account.
- When a user tries to log into WhatsApp account from a new device, a six-digit verification Pin is sent to the user. The attacker tries to obtain this PIN from the attacker, the account gets hijacked.
- The attackers can then leverage their access to the hijacked account to further send fraudulent messages to friends and family of the target.
- Immediately re-verify WhatsApp account, if PIN has been shared with anyone.
- Never share verification codes sent by Social Media platforms with anyone.
- It is advisable to activate ‘two-step verification’ for social media accounts, wherever possible. This will enhance your account security and even if the attacker gets access to verification code, a password will still be required to successfully log into the account.
- Never respond to personal messages asking for PIN or any other sensitive personal information. Social media Apps do not send such messages.