How to prevent falling to WhatsApp Scams

This article is adapted from The Straits Times.

Curious on how this works? Well, read on to find out more!

So in this new scam variant, the scammers pretend to be a friend of a victim by using a hacked WhatsApp account belonging to the friend and then communicating with the victim through the messaging service.

Posing as the friend, the scammers tempt the victim into buying gold bars they claim are being sold at 30 per cent below the market rate.

These scammers then explain that the gold bars are being sold cheaply because they were seized by the Immigration and Checkpoints Authority or Singapore Customs, and were being auctioned off.

A fake invoice supposedly issued by Singapore Customs is provided and the scammers instruct the victims to transfer payment for the gold bars to a list of bank accounts.

Sometimes, the victims are told to meet the scammers to collect the gold bars.

The victims realise they have been duped only when they do not receive the gold bars, or when they find out that their friend's WhatsApp account had been hacked.

The police said a scammer can hack into a WhatsApp account by using a voicemail method.

The scammer tries to log into a victim's WhatsApp account on his own device, and then deliberately fails the verification process by keying in the wrong six-digit verification codes repeatedly.

When the verification fails repeatedly, WhatsApp will prompt the victim to perform a voice verification.

It will do this by calling the victim's phone number to provide the verification code in an audio message.

If the victim ignores the call or if his phone is not switched on, the audio message is directed to the victim's voicemail account, if he has voicemail enabled.

The scammer will then seize this opportunity to access the victim's voicemail account remotely by using the default PIN used by telecoms service providers.

This works only if the victim has enabled voicemail and has not changed the default PIN for the voicemail account.

After accessing the voicemail account, the scammer can get the six-digit verification code from the audio message in the voicemail and use that to take over the victim's WhatsApp account.

Once in control of the account, the scammer can enable a two-step verification process to prevent the victim from regaining control of his WhatsApp account.

And ta-da! This is how they do it!

So how do you prevent falling to such WhatsApp Scams?

1. Always be wary of any unusual request you receive over WhatsApp, even if its sent by people in your WhatsApp contacts list

2. Always call friends who presumably sent the requests to verify their authenticity, but do not do so through WhatsApp, as their accounts might be under the control of scammers

3. Only buy from authorised sellers or reputable sources especially for big-ticket items (especially if the prices seem too good to be true!)

4. Enable two-step verification under "account" in their WhatsApp settings to prevent your WhatsApp from being hacked

5. Contact your telecoms service providers to change your voicemail account's default PIN or to deactivate the voicemail feature

Still want to find out more on how you can heighten the cybersecurity in your company and amongst your employees/ colleagues? Click the green button below to contact us today!