Week 34: What's up with my friend's WhatsApp account? How scammers can use the messaging service to trick you.

27.08.2024 - The NCSC has received more reports of hacked WhatsApp accounts in recent days. The approach is similar to what we already observed last year: someone you know contacts you on WhatsApp and asks you to help them with an urgent problem. All you have to do is forward them an SMS code. What's different now is that the scammers are writing in dialect and trying to get you to send them money via TWINT.

Out of the blue, someone you know contacts you on WhatsApp. They say they have a problem with their phone: it is blocked and can only be unblocked with a code that will be sent shortly by SMS. Your friend asks if they can have the code sent to you, so that you can then forward it to them. At this point, the message is indeed coming from your friend's account. You're tempted to do them a favour; after all, it's not a big deal to forward them a code.

On the left: an alleged friend asks you to forward them an SMS code. On the right: an SMS from WhatsApp to log in to your account from a new device.

Nothing happens at first when you share the code. A short time later, however, you receive another message that you believe to be from your friend, asking you to make a payment to help them out of their predicament. They send you a payment code. If you enter and confirm this code on the TWINT app, a payment is made to a company, for example Kiosk AG. The scammer has tricked you into buying them gift certificates from the kiosk. They can redeem or sell these gift certificates anywhere in the world. Victims of this type of scam are often contacted several times with further TWINT requests. The scammers keep asking until the victim stops paying. In one case reported to the NCSC, criminals were able to scam someone out of more than CHF 1,800.

Unfortunately, the scam does not end when you stop making payments. This is where the SMS code that you shared at the beginning comes into play. The six-digit code you gave the scammer was actually a login code for your own WhatsApp account – not theirs. By giving the scammer the code, you unwittingly gave them access to your WhatsApp account. They can now log in as you and send messages to all of your contacts in your name, telling them your phone has been locked and asking them to forward their six-digit code. And so the game starts all over again with a new set of victims.

Scammers are increasingly writing their messages in dialect to make the victim think they really are talking to a friend.

Fraudulent Whatsapp chat in Swiss German

This type of scam is not limited to WhatsApp. Other social media such as Facebook and Instagram are also being used in a similar way.

What can I do?

If you use WhatsApp or any other messaging service, there are a few things you can do to protect yourself:

  • Never pass on codes, under any circumstances. If in doubt, you can always call the person who is apparently requesting the code and ask them what is going on.
  • Be sure to activate two-factor authentication (e.g. for Android or iPhone: Settings --> Account --> Security and privacy --> Two-step verification). This issues a one-time six-digit code. Without this code, the account cannot be transferred to another device. Of course, you should never share this code either.

The measures described can also be used with other social media accounts. For example, Facebook and Instagram accounts can be hijacked using similar methods. Here too, two-factor authentication is the easiest remedy.

But if it is too late and you have already lost control of your WhatsApp account, the following measures may help:

  • Use other channels to inform your contacts that someone may be sending fraudulent messages in your name.
  • In principle, you can recover your account using the same procedure that the scammers use: log in to the app with your phone number and enter the SMS code the system sends you.
  • If, however, the scammer has set up two-factor authentication in the meantime, things are a little more complicated. In this case, you will have to wait for seven days before logging in again, but this time without the second factor (see https://faq.whatsapp.com/1131652977717250/).

Last modification 27.08.2024


https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_34.html