SPF Warns About the Resurgence of WhatsApp Scam That’s Like MLM

Have you heard of the WhatsApp scam that takes over your WhatsApp account?

No?

Then you probably didn’t come to our app daily. Here’s the article that was published in March this year.

So you thought that scammers would have changed their modus operandi because everyone’s now woke about this scam?

Well, yes and no.

They’ve changed their tactic a little but they’ve not changed their goal: taking over your WhatsApp account.

Here’s what happened.

A Comeback of the WhatsApp Scam

Back in March, scammers told people to share screenshots of account verification code in group chats so that they can take over your account.

Now, they’ve taken it to a whole new level by hacking into your friend’s account and using your friend’s account to hack into yours. Or in a more atas and correct term, social engineer you to take over your account.

Here’s SPF’s advisory:

I’d love to copy and paste the entire wall of text here and be done with this article, but as my boss is just beside me as it’s a tad difficult to understand with one read, I’ll try to simplify it for you here.

If you’ve switched phone or SIM card, you can technically still use the same WhatsApp account, simply by verifying your WhatsApp account with a pin number that’s sent to your phone via SMS.

Say, for example, you’ve a new phone and a new SIM card with a new number, which we’ll call Samsung AB. Your old phone and number, which we’ll call Huawei CD, has your WhatsApp account.

To use your WhatsApp account on Samsung AB, you simply download WhatsApp and verify your WhatsApp account—and to verify, they’ll send an SMS to Huawei CD.

Geddit so far?

So, basically, the scammer would have already taken over your friend’s account, and see that your number is 12345678. He simply used your friend’s WhatsApp account to send you this message…

Image: Facebook (Singapore Police Force)

…while at the same time, try to “verify” 12345678.

So you’ll receive the pin and because it’s your friend, you might gong gong send the code to him.

And ta-da: your account is taken over, and he’ll do the same thing to all your friends.

Kind of like MLM, isn’t it?

Here’s what SPF suggests you to do (okay, this one I copy and paste one, but I bold the point that I think is most useful):

a) Do not share your account verification codes with anyone;

b) Beware of unusual requests received over WhatsApp, even if they were sent by your WhatsApp contacts;

c) Always call your friend to verify the authenticity of the request, but do not do so through the social media platform as the account might have been taken over by scammers; and

d) Protect your WhatsApp account by enabling the ‘Two-Step Verification’ feature, which is available under ‘Account’ in the ‘Settings’ tab of your WhatsApp application. This will prevent others from compromising your WhatsApp account;

e) In the event that your WhatsApp account has been taken over by a scammer, you can recover the account by signing into your WhatsApp using your phone number and authenticate by entering the verification PIN which you will receive on your phone. The scammer which is using your account will automatically be logged out thereafter.

If you wish to provide any information related to such scams, please call the Police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. If you require urgent Police assistance, please dial ‘999’.

In the meantime, maybe you can also subscribe to our YouTube channel, whereby we’ve done several anti-scam videos with our friends from SPF: