WhatsApp is by far the most popular messaging application in India, with over 400 million active users of the app’s service in India. Now, Maharashtra Cyber has revealed a new tactic that scammers around India are using to trick unassuming WhatsApp users to hack their WhatsApp accounts. Alongside hacking individuals, the scammers are using the new WhatsApp hack tactic to trap others on a person’s contacts list, and then threaten to compromise a person’s personal messages and photos to extort money out of them. The key to the new WhatsApp hack, as revealed by Maharashtra Cyber, is in the hackers getting access to WhatsApp’s one-time verification code that users have to enter when setting up a new WhatsApp account.
According to Maharashtra Cyber, the WhatsApp hack works as a result of lack of awareness in terms of essential cyber security protocol, and not a flaw in WhatsApp’s Android and iOS apps. In this hack, scammers typically attempt to login to a WhatsApp account through a person’s phone number. The person is subsequently called and duped into believing that the callers are genuine, at which point the scammers ask the person to share a one-time password that they may have received. This password is the verification code that WhatsApp asks users to enter when setting up their WhatsApp account on a new device.
Once the scammers get access to this code, they then get access to the victim’s entire contact list, along with linked media if they had their WhatsApp accounts backed up. After gaining access, the hackers then proceed to message the most frequently contacted individuals in the victim’s list of messages, who are more likely to trust the person. This leads to a domino effect, using which the hackers are reportedly taking over multiple WhatsApp accounts. Once the accounts are taken over, the scammers then contact the victims and threaten them with releasing private messages and even photos to the public, hence extorting money from these users.
Revealing the pattern of these WhatsApp hacks, Maharashtra Cyber has issued an alert to the public to make sure that they do not share their WhatsApp verification codes with anyone, no matter how convincing they might sound. The main reason behind this recurring hack, it appears is not any flaw in WhatsApp’s own servers or apps, but a dire lack of cyber security knowhow among the common people. Most of these scams and hacks are low level, bulk hack attempts, and are the most common form of cyber scams around the world. However, a lack of awareness around the consequences of sharing a private password is what leads to such situations.
On this note, WhatsApp users are urged to remain ever vigilant about basic cyber security principles, which include not sharing any password or sensitive information with an unknown caller. Authorised personnel do not attempt to take over personal information to fix any flaws or glitches, and individuals are also requested to report such calls and approaches directly to cyber police departments in order to cut down on the threat of such cyber crimes and scams.