Security | February 14, 2019
WhatsApp Scam Alert
WhatsApp users are being warned of a scam that could give hackers access to your WhatsApp account and lock you out in the process.
How the WhatsApp Scam Works
Hackers attempt to gain access to your WhatsApp account by taking advantage of our tendency not to change the default PIN code on our phone's voicemail account.
Firstly, the hacker will try to install WhatsApp on their own phone using a legitimate user’s phone number, typically late at night, while the user is asleep and not using their phone.
WhatsApp will attempt to verify the login by sending a one-time verification code via SMS to the victim’s phone.
The hacker doesn’t have access to the victim’s phone, so is unable to see the verification code and enter it.
When the verification code is not entered, the WhatsApp service prompts the user to perform a ‘voice verification’, during which the WhatsApp service calls the victim’s phone and speaks the one-time verification code out loud.
Since the victim is likely asleep, the automated message is left as a voicemail.
Most mobile service providers allow remote access to your voicemail account, by calling a generic number and entering your PIN code.
So to retrieve the voicemail, the hacker simply needs to call the generic phone number and enter the victim’s four-digit PIN – which, if you haven’t changed it, is typically a simple combination such as 0000 or 1234 by default.
Once the hacker listens to the pre-recorded voicemail and hears the verification code, they can then access your WhatsApp account on their own device.
Our Recommendations
- Change the default PIN code on your voicemail account to a strong password. This can be done in your phone’s voicemail settings or by calling your phone service provider.
- Turn on two-factor authentication on your WhatsApp account to add an extra layer of security. This can be done by opening the app and going to Settings > Account > Two-step verification > Enable.
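For anyone who sets voicemail PIN policy, the check below rejects the kind of PIN the scam relies on at the moment a user picks a new one. It is an added example, not part of the original article or any provider's code; the function names, the rules beyond the two defaults named above, and the sample phone number are assumptions.

```python
"""Reject easily guessed voicemail PINs at PIN-change time (constructed rules)."""

# The article names 0000 and 1234 as typical default voicemail PINs.
ARTICLE_DEFAULTS = {"0000", "1234"}


def is_sequence(pin: str) -> bool:
    """True if every digit steps by +1 or -1, wrapping 9->0 (e.g. 7890, 4321)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def weak_pin_reasons(pin: str, phone_number: str = "", min_length: int = 4) -> list[str]:
    """Return why a PIN is weak; an empty list means no rule matched.

    min_length defaults to the four digits the article mentions; raising it
    is a policy choice (assumption, not from the article).
    """
    if not (pin.isascii() and pin.isdigit()):
        return ["PIN must contain digits only"]
    reasons = []
    if len(pin) < min_length:
        reasons.append(f"shorter than {min_length} digits")
    if pin in ARTICLE_DEFAULTS:
        reasons.append("common default PIN")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    if is_sequence(pin):
        reasons.append("ascending or descending sequence")
    # A PIN taken from the subscriber's own number is guessable by anyone
    # who knows the number, which the person in this scam already does.
    digits = "".join(ch for ch in phone_number if ch.isdigit())
    if digits and pin in digits:
        reasons.append("appears in the account's phone number")
    return reasons


if __name__ == "__main__":
    # Constructed sample input: a number from a range reserved for fiction.
    number = "+44 7700 900199"
    for candidate in ("0000", "1234", "4321", "0199", "8305"):
        found = weak_pin_reasons(candidate, number)
        print(candidate, "REJECT: " + "; ".join(found) if found else "accept")
```

An empty result only means none of these rules matched; it does not replace turning on two-step verification in WhatsApp.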