Scammers Now Take Over People’s WhatsApp Account with Verification codes

Latest Articles

24 COVID-19 Cases Today (16 Jan); 4 from the Community & 1 from Dorm

Today is a bad day. Today, as of 12pm, the Ministry of Health (MOH) has preliminarily confirmed 24 new cases...

LTA Confirms There Have Been More Potholes Recently & Are Expediting Repairs

The cost of driving in Singapore is known to be very high, with all the COEs and road taxes....

WhatsApp is Postponing Its New Privacy Policy Change to Allow People to ‘Gradually Review...

WhatsApp kinda threw every user they had under the bus when they announced that they were going to share...

IKEA S’pore Misprinted Its Cloth Bags & Then Came Out With An Ingenious Way...

Remember how in primary school when we were not allowed to use pens such that when we made a...

Next 2 Weeks of Jan 2021 Will Be Dry & Warm With Temperature Up...

A wise old man once said that the weather in Singapore is akin to your boss’ mood: he could...

SMS, the dinosaur-era “app”, is still being used by people even if you’re a millennial who’s moved on to Telegram: you need SMS to log in to SingPass with 2FA, you need SMS to receive a 2FA code when you’re ordering McDonald’s sour egg yolk fries online and you need SMS to remind you that your IPPT is due.

And most importantly, you need SMS to verify your most-used messaging platforms like WhatsApp or Telegram.

Kind of how you need Internet Explorer to download Google Chrome.


And scammers being scammers, they’ve come out with a way to scam you via this 2FA system in an ingenious way—so smart, they’ve scammed at least 10 people in Singapore this year, and we’re only less than two weeks into 2019.

Here’s how it works and what you should take note of, and most importantly, how you can help break this “chain” of scam because it needs more victims to have more victims.

WhatsApp Takeover with Verification Code

Whenever you switch your phone and install a new WhatsApp into your new phone, you’d be asked to verify your account. To do so, you’d receive a SMS to your phone number so as to verify that you’re really changing your phone.

Now, here’s the scary part: people can register a WhatsApp account even without your SIM card. They merely need to key in the phone number and ta-da: they can log into your WhatsApp account…if they have the verification code, that is.

It seems so common to receive verification codes you didn’t request for that the WhatsApp website even has a FAQ page to this:


So here’s how the scam works: the scammer would have already had access to your friend’s, say Bufflord95, account. With that, he found your number.

He then tried to register your WhatsApp account and so, you’ll receive a verification code from WhatsApp. He’d then use Bufflord95’s account to contact you and ask for the verification code.

Given that you trust Bufflord95 (not knowing that his account has been compromised), you then provide the code…and ta-da: you account has been compromised as well.

And so, the cycle goes on and the scammer tried to scam your friends and take over their accounts, too.

What Do Scammers Do with Accounts That Have Been Overtaken?

Well, simple: they’ll get your friends to help buy gift cards online and with the gift cards, they’ll sell it.

Kind of like how many years ago, people’s Facebook accounts were hacked and they were going around asking others to help buy gift cards online.


The scam works because just like the Facebook scam back then, it looks like a legit message from your friend—from the verification code to the gift card purchase. You won’t want to reject your crush, eh?

Here’s our friendly Police’s advice:

  • Beware of unusual requests received over WhatsApp, even if they were sent by your WhatsApp contacts;
  • Always call your friend to verify the authenticity of the request;
  • Protect your WhatsApp account by enabling the ‘Two-step Verification’ feature, which is available under ‘account’ in the ‘settings’ tab of your WhatsApp application. This will prevent others from compromising your WhatsApp account.

If you’d have noticed, as long as the scam cycle is broken, it won’t spread as it needs more victims for the scam to work.

So do yourself a favour and tell more people about this.

This is SPF’s official statement on this scam:

Image: Facebook (Singapore Police Force)


In the meantime, do yourself a favour and subscribe to our YouTube channel as well: we work very closely with the police to spread anti-scam messages like these videos we’ve done with them:

Like writing? Goody Feed is looking for writers! Click here for more info!