Nottinghamshire Police warn WhatsApp users of scam after spike in hacked accounts
WhatsApp users are being asked to stay alert following cases of scammers hacking into accounts and asking their victim’s friends and family for money.
Nottinghamshire Police has received a spike in reports about a scam that sees a criminal gain control of a WhatsApp account belonging to someone who is part of a WhatsApp group.
The criminal will then contact that person, posing as a member of that group, often via a one-time WhatsApp audio call, with the intention of building trust in order to perpetrate the scam.
Often the scammers will change their profile picture and display name, so at first glance it would appear to be a member of the group.
During the phone call, the scammer will say they are sending a six-digit code which will allow them to join an upcoming video call for the group’s members.
In reality, the code is a six digit two-step verification code for their own WhatsApp account, and if the code is shared, the criminal can log in to the account and lock the victim out.
The criminals will then repeat this tactic with other WhatsApp contacts in an effort to steal access to more accounts.
Once they have access, they have been known to message friends and family in the victim’s contact list asking for them to urgently transfer them money.
Although the scam is happening nationwide, Nottinghamshire Police have received a spike in reports in recent weeks.
Cyber Protect Officer, Kirsty Jackson, said: “In one of the examples, a Nottingham woman received a phone call on WhatsApp.
“She didn’t recognise the number but the profile had a picture of two children so she thought it might be a parent who she knew.
“She answered and the caller said he was from a prayer group that she belonged to. He then invited her to a virtual meeting and advised he would send her a link.
“He then told her a code would come through to her phone, and that she’d need to give him that code so that he could accept her into the meeting.
“She followed these instructions, but the code actually granted the man access to her own WhatsApp account.
“He then used it to lock her out and then send messages to her contacts, making up stories in an effort to get them to transfer over sums of money.
“Thankfully no-one did but following these reports, we are encouraging people to always be vigilant.
“Be wary of being contacted via WhatsApp, or any other messaging platform, and being asked to provide information — despite the fact that you may recognise the individual’s profile picture and/or name.
“Never share your account information with anyone and if you think it is spam, report the message and block the sender within WhatsApp. To make your account secure, we’d advise setting up two-step verification to give an extra layer of protection.”
Friends of another victim handed over hundreds of pounds to the fraudster.
Analysis by Action Fraud, the national reporting centre for fraud and cybercrime, indicates that victims targeted in this scam were often part of large local community or religious WhatsApp groups, such as church-goers or prayer groups.
What can you do to avoid being a victim?
Set up two-step verification to give an extra layer of protection to your account: Settings > Account >Two-step verification > Enable.
Never share your account’s two-step verification code. These codes grant access to online accounts.
If a family member or friend makes an unusual request on WhatsApp, always call the person not via WhatsApp, and ideally via a videocall, to confirm their identity.
Review the account’s privacy settings to help avoid sharing any personal data to numbers outside of your contact list: Tap Settings > Privacy.
You can also review additional settings for each chat group you have: Tap the profile of the chat group > review options available.
You can report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.
If you have been scammed, incidents should be reported to Action Fraud in the first instance on their website https://www.actionfraud.police.uk or you can call 0300 123 2040 for advice.
You can also make a report to Nottinghamshire Police by calling 101 and quoting the Action Fraud reference number.