Maharashtra Cyber, the State’s nodal cybersecurity agency, recently issued an advisory against a “WhatsApp hijack fraud” targeting users.

The cyber agency posted the possible ‘modus operandi’ of the fraud on its social media account, detailing how cybercriminals are targeting users of the popular messaging platform and are taking over their accounts.

The scammers hijack the user’s account by gaining their verification code. They try to gain the user’s verification mode through messages asking users to verify their phone number if they have recently changed their handset.

“When a WhatsApp user changes their phone they need to verify that the new device is linked to their phone number,” reads the advisory.

“The hacker knows your mobile number and this whole series of attacks start with one person giving out their verification code and allowing his account to be hijacked,” it adds.

The hacker then gains access to the user’s account including their contact lists and WhatsApp groups. From there, the attackers will target other contacts to gain access to their accounts as well.

One of the ways in which hackers target users is messaging another user from a hijacked account asking them for the verification code.

“Knowing Mr X is the most contacted from Mr A’s WhatsApp list, the hacker pretends to be Mr A and convinces Mr X that his WhatsApp verification code isn’t reaching him so he has sent the same code to Mr X’s phone. Mr X then falls into the trap and doesn’t realise that it is his own verification code that he gives out,” explained the advisory.

The hacker can then gain access to their account as well. In some instances, hackers also posted photos involving nudity to WhatsApp groups through the victim’s account, the cybersecurity agency said.

A similar scam was reported by WABetaInfo in May where hackers were targeting users through their verification codes posing as WhatsApp’s technical team.

comment COMMENT NOW