WhatsApp Scam: Hackers Could Steal Your Chats, Putting You at Serious Risk

WhatsApp Scam A brand-new, extremely dishonest fraud is targeting users of the well-known messaging service WhatsApp, giving scammers complete access to victims’ contacts, chat history, and media assets.

 

Hackers are taking advantage of the app’s device linking feature to take over accounts, then utilizing the hijacked profiles to send more harmful links to friends and family who aren’t paying attention.

How the Scam Works?

The attack starts with a friend’s number sending an apparently innocent message that reads, “Hey, I found your photo by accident!” with a truncated URL attached.

Usually, the URL takes users to a fake Facebook login page that is expertly crafted to resemble the actual site in both appearance and feel

The attacker records the victim’s Facebook login information and uses it to start WhatsApp’s device connection procedure.

WhatsApp sends a six-digit code or QR code to the victim’s registered device as soon as the attacker starts connecting.

The attacker can link the victim’s WhatsApp account to their device by intercepting or manipulating the verification process because they already have access to the victim’s Facebook session.  All of the victim’s conversations, shared media, contacts list, and group memberships can be accessed remotely as a result.

Once an attacker has gained control of a WhatsApp account, they can pretend to be the victim and send messages to all of the contacts on the account.

By doing this, they can spread more harmful URLs and possibly quickly gather login credentials from several victims.  Attackers can also:

• View and steal private media files and communications.
• Participate in private groups to gain access to private conversations.
• Distribute malware files or phishing links by seeming to be a reliable source.
• Threatening to release private conversations or media can be used to blackmail people.

Many users are still ignorant that credential theft and social engineering can be used to take over device linking.

The initial purpose of WhatsApp’s device linking function was to enable users to link the same account across several platforms, including a desktop client and a phone. However, hackers have since used this capability to carry out extensive account takeovers.

Warning Signs and Prevention Tips

Users should exercise caution when they receive unusual communications with links, even if they seem to be from friends or family, according to the report.

You can avoid being a victim of this fraud by following these best practices:

1. Verify Suspicious Messages

Before clicking any links, always get confirmation from the sender via another channel, such as a video chat or phone call. A friend will be happy to provide context if they actually discovered a picture of you.

2. Avoid Entering Credentials on Unverified Pages

Examine URLs thoroughly. The address bar of authentic Facebook login pages reads “facebook.com.” Look for the padlock icon and HTTPS, but keep in mind that even these might be faked.

3. Use Two-Step Verification on WhatsApp

Go to Settings > Account > Two-step verification to activate WhatsApp’s built-in two-step verification function. This adds an additional degree of security by requiring a PIN to link your account to any new device.

4. Monitor Active Devices

Review linked devices on a regular basis in WhatsApp by selecting Settings > Linked Devices. Unlink any strange computers or devices right away.

5. Keep Software Up to Date

Make sure the operating systems on your device and WhatsApp are up to date. Updates frequently fix security flaws that hackers take advantage of.

What to Do If You’ve Been Hacked?

If you think there has been an account compromise:

• Using the Linked Devices menu, log out of every connected device.
• Reactivate two-step verification with a secure, one-of-a-kind PIN.
• Let your contacts know that any dubious links originating from your account should not be clicked.
• Inform WhatsApp’s support staff about the occurrence.

 

The latest WhatsApp fraud highlights the changing strategies of cybercriminals who use trusted features like device connection and social engineering to obtain illegal access.

Users can safeguard their communications, media, and private data from bad actors by adopting careful online practices, such as employing two-step authentication, validating unexpected messages, and routinely monitoring connected devices.

Remain vigilant, educate yourself, and resist the temptation to allow scammers to use WhatsApp as a conduit for mass fraud.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.

Read More:

Apple is Developing an AI-powered web Search Tool for Siri to Compete with Perplexity and OpenAI

 

About Author