Warning: Scammers trying to hijack user WhatsApp account

The Malaysian Communications and Multimedia Commission (MCMC) has issued a statement warning the public to be wary of increasingly inventive tactics employed by scammers trying to hijack a user’s WhatsApp account, due to increasing reports of fraud cases being committed through the app.

MCMC said scammers usually manage to take over victims’ WhatsApp accounts by tricking them into divulging their six-digit verification codes, which users will usually receive when there is an attempt to change the phone number associated to their account.

To do this, scammers have been known to contact potential victims while posing as a hapless individual or business claiming to have mistakenly keyed in the victim’s phone number while trying to complete an online transaction, explaining that as a result the authorisation code for the transaction had been sent to the victim’s phone and asking for the victim’s help in sending them the code.

These appeals could even come from the victim’s family members or friends via accounts that scammers had already successfully hacked into, said MCMC.

This tactic commonly misleads the victim into thinking they would be sending the scammer an unrelated TAC (transaction authorisation code) when in fact they would be handing over the six-digit verification code to the victim’s own WhatsApp account. Those who have been duped into giving up their codes could end up having their accounts stolen by scammers, added MCMC.

MCMC said scammers have also impersonated WhatsApp employees to fool users into sharing their verification code, adding that there have also been instances where the scammer would deliberately fail at keying in the code several times in order to force an automated system by WhatsApp to call the user about their verification code.

In this instance, the scammer would also contact the user to ask for the code while pretending to be someone else. If the user did not answer the automated call by WhatsApp and it goes into the user’s voice mailbox, then the scammer would try to randomly guess at or ask for the user’s voice mailbox PIN code to access the recording, according to MCMC.

The regulatory body advised WhatsApp users to be suspicious of any attempts to procure their six-digit verification code, adding that it is absolutely imperative that users never reveal the code to anyone else to prevent others from hijacking their accounts.

It added that users should also enable two-factor verification on WhatsApp and utilise more complicated PIN numbers for their voice mailbox as additional security measures.

According to an FAQ by WhatsApp, when users receive this verification code via SMS without requesting it, it means that someone else has entered their phone number and requested for the code.

WhatsApp said this could happen due to someone mistyping their own number, or it could also be someone attempting to take over another user’s account.

It added that without this code, the other party would never be able to complete the verification process and use another person’s phone number on WhatsApp.

In a separate FAQ about stolen accounts, the company advises users to inform family and friends if they suspect someone is impersonating them in chats.

Users who have lost their WhatsApp account to scammers are encouraged to file a complaint with MCMC or lodge a report at the nearest police station.