At least 2 billion people across the world are using WhatsApp to communicate with their family, friends and loved ones. The messaging app is preferred by many of users for its ease of use among many other reasons.
The features available on WhatsApp not only attracts people who desperately want to communicate with others but they even attract fraudsters bent on scamming unsuspecting WhatsApp users.
Well, unfortunately one WhatsApp user recently counted her loses of US$3300 after a scammer impersonated her and gained access to her WhatsApp account. To protect other users from falling victim to such a scam, the lady (lets call her Emma) contacted us and asked us to share her story.
Emma has been using WhatsApp for the past two years. She started to use ut the after her boss asked to join a WhatsApp group of the company’s employees and since then she has used WhatsApp for work and to communicate with some of her friends and relatives.
Last week Emma received a 6-digit code in her a phone from WhatsApp and in less than a minute she received call from an unsaved number. The caller, in an assumed state of panic, asked Emma to tell her the 6-digit code she had just received on the pretext that she had mistakenly entered Emma’s number instead of her’s to receive the code.
Emma being a good person was happy to oblige to the caller’s request. She puts her on hold while she takes a look the code in her phone, returns on the call and unwittingly give the code to the caller. The caller thanked Emma for her kind gesture and she quickly hangs up.
Emma then puts back her phone in her purse. However, she doesn’t know that some minutes after leaving the call she was kicked out of her WhatsApp account.
How did Emma lose control of her WhatsApp
It turns out that the 6-digit code that Emma had given to the caller was the verification code that WhatsApp sends a new signee when they register their WhatsApp account.
The caller (the scammer) had put Emma’s number during the registration process and since she wasn’t the owner of the number, the verification code was received in Emma’s phone. So that’s when the scammer called Emma asking for the verification code in order to finish the registration process and kick out Emma out of her account.
At this point Emma’s WhatsApp account was now being used by the the scammer who had called her asking for the 6-digit verification code.
How did the money got stolen
The scammer seem to have gone through Emma’s contact list and then stumbled upon a number saved,”Hubby”. Sensing that it’s Emma’s husband, the scammer daringly starts a conversation with him. Here’s a screenshot of the conversation:
So Emma’s husband unwittingly gave card details to the scammer. The scammer then goes on a shopping spree of Bitcoin, eventually using up all the US$3300 in the card.
After 2 hours since the call, Emma then tries to log into her WhatsApp account but she finds out that she’s no longer logged in. When she tried to log in again, she was asked to enter two-factor authentication pin which she had no idea about.
Emma then called her tech savvy husband telling what she’s experiencing when trying to log into her WhatsApp. That’s when the husband figured out that he wasn’t talking to Emma on WhatsApp 2 hours ago. And that’s also when they figured out the had been scammed.
How to avoid falling victim to this kind of scam
The next victim on WhatsApp may not experience a scam like what Emma experienced but they may be impersonated up to the point where their reputation and honour could be tarnished. Whichever way, its best to just guard against this type of WhatsApp hacking.
If you read every word of Emma’s experience above, you have definitely noticed that when she tried to log into her account again by re-registring her number, she was asked a two-factor authentication pin.
What is a two-factor authentication pin, you may ask? Its pin that you set in WhatsApp for added security. A two-factor authentication pin protects WhatsApp users from hackers who want to steal your account or kick you out of your account as in the case of Emma.
By default, the two-factor authentication pin is not activated when you start to use WhatsApp. Instead, you have to activate it yourself.
So what happened in the case of Emma is that when the hacker gained access to her account, they went on to activate her account’s two-factor authentication. That’s why Emma was asked the pin she tried to log into the account again and without it, she couldn’t log in.
In view of this, you are well-advised to secure your account by activating the two-factor authentication pin how. To learn how to activate it, read our article – 2 easy ways to make your WhatsApp more secure.