
Irish Information Security Forum

ALERT! : Understanding the WhatsApp Verification Code Scam

IISF Alert: September 2024

 

There is an escalating trend of ‘WhatsApp Verification Code Scams’ being deployed against users in Ireland. Users should remain mindful when using WhatsApp for business purposes, and of the data that may be exposed if their WhatsApp account is compromised.

 

The WhatsApp verification code scam is a prevalent form of social engineering attack aimed at hijacking users' accounts. Here's how it works and how you can protect yourself.

 

 

Fig. 1: Example of a legitimate WhatsApp verification code

 

 

How the Scam Works

  • Initiation: The scam begins when a fraudster attempts to register a WhatsApp account using your phone number. WhatsApp sends a six-digit verification code to your phone via SMS to confirm the registration.
  • Contact: The scammer then contacts you, often posing as a friend or WhatsApp support, claiming they mistakenly sent the verification code to your number and asking you to share it.
  • Account Takeover: If you share the code, the scammer uses it to complete the registration process on their device, effectively taking control of your WhatsApp account. They can then access your messages and contacts, and potentially use your account to scam others²³.

 

Protecting Yourself

  • Never Share Verification Codes: WhatsApp will never ask you to share your verification code. Treat it like a password and keep it confidential.
  • Enable Two-Step Verification: This adds an extra layer of security by requiring a PIN in addition to the verification code when registering your phone number with WhatsApp².
  • Be Skeptical of Unsolicited Messages: If you receive a message asking for your verification code, verify the sender's identity through another communication channel before responding.
  • Educate Contacts: Inform your friends and family about this scam to prevent them from falling victim and inadvertently aiding scammers².

 

What to Do If You're Targeted

 

  • Do Not Share the Code: If you receive an unsolicited verification code, ignore any requests to share it.
  • Secure Your Account: Enable two-step verification and review your account settings to ensure no unauthorized devices are linked.
  • Report the Incident: Notify WhatsApp support and inform your contacts that your account may have been compromised².

 

 

NCSC Advisory - WhatsApp Verification Code Scam

WhatsApp Verification Code Scam Advisory

 

 


References

(1) Received a WhatsApp verification code without requesting it? Beware .... https://www.bitdefender.com/blog/hotforsecurity/received-a-whatsapp-verification-code-without-requesting-it-beware-you-might-be-about-to-have-your-account-stolen/.
(2) WhatsApp six-digit verification code scam: how to stay safe. https://www.lovemoney.com/news/111749/whatsapp-six-digit-verification-code-scam-how-to-stay-safe-two-step-verification.
(3) 13 WhatsApp scams to know and avoid in 2024 - Norton. https://us.norton.com/blog/online-scams/whatsapp-scams.
(4) WhatsApp scam tries to steal your account: how to avoid it - T3. https://www.t3.com/news/whatsapp-scam-tries-to-steal-your-account-how-to-avoid-it.


If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2
