WhatsApp users are being warned of a scam that could give hackers access to your WhatsApp account and lock you out in the process.
WhatsApp is an app for smartphones. It offers a secure messaging service for one-on-one or small group conversations – often making it the platform of choice for many organisations to conduct business or respond directly to customers. As a result, it is a target for scammers trying to hack into users’ confidential conversations.
Hackers attempt to gain access to your WhatsApp account by taking advantage of our tendency not to change the default PIN code on our phones voicemail account.
Firstly, the hacker will try to install WhatsApp on their own phone using a legitimate user’s phone number, typically late at night, while the user is asleep and not using their phone.
WhatsApp will attempt to verify the login by sending a one-time verification code via SMS to the victim’s phone.
The hacker doesn’t have access to the victim’s phone, so is unable to see the verification code and enter it.
When the verification code is not entered, the WhatsApp service prompts the user to perform a ‘voice verification’, during which the WhatsApp service calls the victim’s phone and speaks the one-time verification code out loud.
Since the victim is likely asleep, the automated message is left as a voicemail.
Most mobile service providers allow remote access to your voicemail account, by calling a generic number and entering your PIN code.
So to retrieve the voicemail, the hacker simply needs to call the generic phone number and enter the victim’s four-digit PIN – which, if you haven’t changed it, is typically a simple combination such as 0000 or 1234 by default.
Once the hacker listens to the pre-recorded voicemail and hears the verification code, they can then access your WhatsApp account on their own device.
Quick Links
Legal Stuff