A new online scam is doing the rounds, and this one targets your WhatsApp account. Here’s a quick look at how it works, and how to protect yourself (and your contacts) from falling victim to it.
How The WhatsApp Web Scam Works
The scam targets WhatsApp Web, the browser-based platform that mirrors your WhatsApp mobile app. As a service, WhatsApp Web is super convenient, as it lets you monitor your messages from your laptop. The problem is, you don’t know which devices are logged into your WhatsApp Web account unless you check – and few people ever check.
What Scammers Do With Your Account
The scammer exploits that vulnerability, and – without you realising it – uses your WhatsApp profile to impersonate you, and asks your friends and family to send “you” (actually the fraudster) money. They use the same trick to compromise your Google Play and App Store accounts, fraudulently adding services which they add to your bill.
If you don’t have extra security settings that notify you about log-in activity via a new device, you won’t know that any of this is happening… until it’s too late. And because the fraud happens via WhatsApp, all Vodacom can do to help you is to report the “ghost number” to WhatsApp.
The QR Code Trick Explained
The scariest part is how easy it is for hackers to access WhatsApp’s web version. To access and log in to WhatsApp Web, you scan a QR code that appears on the web browser. Hackers take the QR code from WhatsApp Web and place it on a malicious page – and if you scan that fake QR code using WhatsApp (or even just your phone camera), they can steal your login credentials and use them to hack your account.
How To Protect Your WhatsApp Account
That’s the scam. Now let’s look at some ways to protect yourself from it.
Step 1: Check Your Linked Devices
First, check which devices are linked to your WhatsApp account. On your primary mobile phone, open WhatsApp and tap Settings > Linked devices. That’ll show you which computers, tablets, phones, etc, currently have access to your WhatsApp account. See any unfamiliar devices? Tap on them, and immediately select Log out.
Step 2: Enable App Lock
As an extra security measure, you can also lock the app. In WhatsApp, go to Settings > Privacy > App lock. This will require you to enter your password to unlock WhatsApp Web. While the app is locked, your message contents will be secure and you won’t get any notifications.
Step 3: Set Up Two-Step Verification
The best way to protect your WhatsApp account is with Two-Step Verification, an optional feature that adds an extra layer of security. Two-step verification requires you to enter a PIN code to access the app – so even if a scammer manages to get your phone number or details, they still can’t access your account without that PIN.
How To Enable Two-Step Verification
Turn on two-step verification by opening WhatsApp Settings, tapping Account > Two-step verification > Turn on or Set up PIN. Enter a six-digit PIN (make it one you’ll remember, but one that’s not easy to guess), and confirm it. Here you can also add an email address as an extra safeguard. Then tap Next, confirm the email address and tap Save or Done. Enter the six-digit verification code sent to your email, then tap Verify… and you’re done!
For more tips on protecting yourself from cyber fraud, check out our fraud content hub.
