Nowadays, most of the people have shifted to a virtual world. While social media was simply a means of entertainment earlier, apps like WhatsApp have become a necessity in the present world. WhatsApp has over 2 billion users worldwide and over 50 crore users in India as of 2020. WhatsApp has thus become a tempting platform for cyber-criminals.

Fraud via WhatsApp is on the rise, resulting in a lot of privacy issues and money thefts for a lot of people. The total number of fraud reports has increased dramatically in the pandemic era. It is therefore very critical to understand what WhatsApp fraud is, how to spot WhatsApp scams, and how to avoid them.

Hijacking of WhatsApp via call

When a person gains access to a victim’s WhatsApp account in order to perpetrate fraud, this is known as WhatsApp hijacking. In this scam, the attacker pretends to be from a bank or telecom service and calls the victim. The attacker does not ask for an OTP or a pin but simply asks you to dial a number and a code and merge your calls with theirs.

For instance, the attacker may call claiming to be from your phone’s network service provider and would then ask you if you’re having any network or other service related issues. While he keeps you engaged in all this, he would very politely ask you to dial a code followed by a number, giving some completely logical reason for the same.   

Dialing the code *401* followed by a phone number is done in order to activate call forwarding to that number. The attacker will then register on WhatsApp as you and receive an OTP via phone call after this is done. The attackers enable the two-factor pin so that even if you try to regain access to your WhatsApp account, you will be unable to do so since you do not know the pin. As a result, they will have access to your account and you will be unable to do anything.

Once the victim’s account is hacked, the attacker gets access to all his contacts as well as groups. A chain reaction would begin after this.

The fraudster will then message the friends and family of the victim, making them believe that the victim is in an emergency situation and needs to be transferred money on an urgent basis. Typically, the criminals claim to be in a rush in order to persuade the people to act quickly. As a result, this form of scam is often known as a friend or family emergency scam. Unfortunately, many people fall to this trick and lose thousands of rupees on average.

Even though the number used by the criminal to commit fraud is usually unknown to the friends and family members, the profile image associated to the WhatsApp account is familiar. As a result, people believe that they are conversing with a friend or family member. Criminals, can easily duplicate a photo from another social media network like Facebook or Instagram. Other information is also obtained that can be utilized to deceive friends and family members. For example, a person’s vocabulary or particular events that they may have discussed online can be used.

The fraudster may also provide you with a QR code of whom they allegedly owe the money. They will then request that you to transfer money via this QR code immediately. To give their demand some legitimacy, they can say they’re having trouble transferring the funds themselves, citing an error message and requesting that you attempt since it’s essential and important that the money is paid on time. The stated accounts linked to the QR code are almost always fake conduit accounts with a difficult-to-trace end destination.

It is therefore advised that you should always be aware and cautious while using sites such as WhatsApp. Never disclose your WhatsApp verification code to anyone. If you share the verification code, re-verify your WhatsApp account right away. Users should also use “two-step verification” to improve the security of their WhatsApp accounts and avoid opening links sent by unfamiliar persons.

Author – Ms. Anoushka Bidwalkar, Policy Research Intern, CyberPeace Foundation
Reviewed – Mr. Abhishek Singh, Research Associate – Policy and Advocacy, CyberPeace Foundation

Leave a Reply

About Cyber Peace Corps

Address: B-55 MIG, Ranchi Jharkhand, India
Phone: (+91) 82350 58865
Email[email protected]