The Cyber Security Authority has revealed that at least 64 reports of WhatsApp account takeovers have been recorded since April 2023.
It is, therefore, cautioning users against disclosing their WhatsApp verification codes to persons posing as service providers.
The Authority stated that the increase in the act has necessitated the need for users to be aware of the tricks and methods being used by these malicious persons.
On the modus operandi of these initiators, the Authority said they often infiltrate WhatsApp groups and target members of the group to whom they send carefully crafted messages to persuade their victims to reveal their verification codes.
Some of these methods they mentioned include:
1. Notifying the victim through text messages about an ongoing upgrade on their group platforms and requesting the victim to share the code that will be sent to them.
2. Calling the victim to inform them that a security code has been sent to prevent their account from being hacked and requesting the victim to share the code that will be sent to them.
3. Informing the victim that they have received a mobile money transfer and that they are required to reveal the code sent by the perpetrator to access the funds.
4. Sharing URLs in WhatsApp groups and instructing group members to click on them to update their information by providing the code that will be sent to them.
Once the code is shared, the victim’s account is compromised “and the malicious actors may then go ahead to impersonate the victim and defraud their contacts resulting in reputational damage and monetary losses.”
The Cyber Security Authority has therefore warned users that under no circumstances should they share their verification codes with others.
WhatsApp users have been urged to enable two-step verification to add an extra layer of security to ones WhatsApp account, and also make sure to verify the unexpected requests through a different communication mode/platform before taking any action.
SSD/NOQ
Watch the latest edition of BizTech below: