The WhatsApp scam that can let hackers take over your account in seconds


WhatsApp has taken action against the ‘PIN Code scam’ that has spread widely this year, which allows attackers to take over WhatsApp accounts in seconds.

The scam has spread rapidly in the UK, with messages urging users to quickly input a code.

But WhatsApp has introduced new measures that make it easier (although not impossible) to spot the scam in its early stages.

How does the PIN code scam work?

The PIN code scam usually arrives from a close friend, often someone who you have messaged recently.

The person who sends it has already had their account taken over, and sends a message asking you to input a six-digit code for them.

But the six-digit code arrives by SMS, not WhatsApp, and hands the scammer control of your device.

Scammers get in touch and pretend that it is an emergency

(Whatsapp/Rob Waugh)

Other variations fool users into scanning a QR code on their phone, either via bogus websites or QR code stickers (although these are less common). Once scanned, the QR code gives the attacker immediate access to the device.

Paul Bischoff, security and privacy advocate at Comparitech, tells Yahoo News: “The six-digit code WhatsApp scam is a standard phishing scam. The scammer attempts to log into your WhatsApp account. When they do so, WhatsApp sends you a six-digit login code.

“The scammer sends you a message asking for the code. If you give the scammer the code, they can log in and hijack your WhatsApp account.

“Like most scams, scammers will most likely try to instil a sense of urgency in their victims. They will contrive a reason for the code to be a time-sensitive matter. Victims who are rushed to make a decision often make the wrong one, and scammers know this.”

What has Meta changed?

It’s now harder (although not impossible) to fall for the scam, as WhatsApp now offers a warning that a device in a different location is connecting.

Previously there was a smaller on-screen warning, but it was easily overlooked in the heat of the moment.

So, for example, it will say, “This will connect your device to a device in Bangkok, Thailand.”

Meta is now also testing warnings for suspicious friend requests and suspicious messages via Messenger.

How can you get back in if you fall victim?

To get back in, choose the option to authenticate yourself via a call, rather than text.

This bypasses the timer the scammer has run up to prevent you resetting via SMS.

How can you protect yourself?

Bischoff says, “Never share passwords or one-time codes with third parties. Enable two-factor authentication to prevent hackers from breaking into your account with a single form of verification.”

To stop this scam from working, enable two-factor authentication in WhatsApp.

To enable it, tap Account > Two-step verification > Turn on or Set up PIN. This sets up a PIN code, which makes it harder for criminals to get into your account.

You can also add an email address to the account, which makes it easier to recover in future.
