The Malaysian Communications and Multimedia Commission (MCMC) has issued a statement to warn about a potential scam which will allow unauthorised individuals to take over your WhatsApp account. The MCMC said the scammers used various tactics to trick users into revealing their 6-digit verification code that’s sent from WhatsApp.
Similar to online banking and eWallets, these one time SMS verification code should not be shared with anyone including those that claimed to be from the platform provider. Once you’ve handed over the codes, the scammers will be able to use your WhatsApp number to do all sorts of things.
Scammers want your verification code
WhatsApp will only push the verification code via SMS if someone tries to login with your phone number. The MCMC has highlighted several tactics which include pretending to be a friend in trouble and they ask for your help to send over the verification code that’s ‘forwarded’ to your number. Sometimes the scammers may pretend to be from WhatsApp.
The scammers could also ask for your verification code by voice call. They will first attempt to make several failed verification requests and WhatsApp’s system will make an automated call to you for verification. The scammers would then call to the victim to pass the code that was mentioned in the call. If the victim didn’t answer the call, the scammers may attempt to retrieve the code by gaining access to your voicemail.
What could the scammers do?
According to WhatsApp, scammers will not be able to read your messages as they are all are stored on your current device with end-to-end encryption. However, they will be able to see the list of group chat that you’re in. If someone gains access to your WhatsApp account, they could misuse your identity to ask your friends or family members for money due to an emergency.
How to protect your WhatsApp account?
The golden rule is not to share your 6-digit pin to anyone and it’s meant for you only. If someone asks you to send the code, you should always ignore the request.
To better protect your account, it is advisable to enable two-step verification for WhatsApp. The feature has been introduced since 2017 and it adds an additional layer of security to your account. By default, WhatsApp does not use a password and it relies on SMS verification to login.
The two-step verification allows you to add a custom 6-digit password and you’ll need to enter your email address if you need to reset it. If someone needs to login to your WhatsApp number, they will need both your custom 6-digit password and the SMS verification code.
If you still use voicemail on your mobile subscription, MCMC advises you to change your password to a complicated combination. This is to prevent scammers from accessing your voicemail.
What happens if you’re logged out?
If your account is logged in on another device, WhatsApp will automatically kick you out. To regain back access, you should login back to your phone number as soon as possible which also requires an SMS verification. Once you’re logged in, the previous person will be logged out automatically. The verification code is always generated randomly so this means they can’t login with the old code.
For further reading, you can check out WhatsApp’s post about stolen accounts and receiving verification code that you didn’t request. It is advisable that you activate two-step verification if you haven’t already or watch the video below: