Androcles Consultants is a dynamic and innovative London based MAC consulting firm operated by a Andrew Daws providing customers with outstanding MAC IT program management, technical support, logistical, and executive level support, while maximizing innovation and cost reduction for individuals and business.

Monday, 20 July 2020 11:20

WhatsApp scam

Written by 
Rate this item
(0 votes)
 
There is a phishing scam being used in WhatsApp which could mean you losing access to your conversations and contacts, without others realising that your messages aren't reaching you. So you would lose messages, and all your contacts could get begging messages or worse.
 
There is a way to protect yourself, but you need to understand how the scam works.
 
When you first log in to WhatsApp on your phone (or delete the app and reinstall it) the way that WhatsApp checks that it is you is to send you an SMS, to the number of the WhatsApp account. You need to enter that code to activate the account.
That works fine until someone else gets hold of that verification code. The most common way is for the hacker to find a contact in the hacked account, then send them a message asking the recipient to forward the SMS from WhatsApp that they have just received, or are about to receive. If you fall for it, the hacker will then log into your account using that code, and will lock you out.
 
The way to protect yourself is a feature called Two-Step Verification, which can be found in WhatsApp on your phone (not your other devices, as the 'real' account is on your phone: the others merely mirror what is on the phone). 
Go to settings on the main screen (it looks like a cog wheel on an iPhone - see below for Androids), then go to account, then to two-step verification. The way this works is that YOU choose the 6 digit number, rather than getting a PIN number from WhatsApp, so nobody can log into your account without that number, which you keep private. AND you then can put it your email address so that you can reset the PIN if you lose it. You can see that anyone that gets control of your account can change the PIN to one that only they know, and can add their own email address so that they can keep you our permanently.
 
I tried it on an Android phone, and it did offer to show my name, and somehow got the text verification code, so I didn't have to enter it. And it did prompt me about message backup, but there was nothing about two-step verification. Clearly you need to know about that already. And to find the settings menu, you need to click on the 3 dots at the top right of the main screen on the  WhatsApp app.
 
So the idea by WhatsApp that you would always be the only one with access to your handset is clearly not good enough. All the messages are encrypted, but that's not much help if it's not you sending them.
 
They claim that after 7 days you can reclaim your account, but I can't see that you can as the hacker can just keep changing the PIN.
 
One more thing: all the messages are kept on the handset. You have an option to back them up online, to iCloud or Google Drive, either regularly or manually (if you are about to make changes to your account), but if you don't back it up, you lose the lot.
 
Please email me on This email address is being protected from spambots. You need JavaScript enabled to view it. '; document.write(''); document.write(addy_text74418); document.write('<\/a>'); //-->\n This email address is being protected from spambots. You need JavaScript enabled to view it. if this is unclear or wrong. 
Read 716 times Last modified on Monday, 20 July 2020 12:16
More in this category: « What is iCloud?

235 comments

StartPrev12345678910NextEnd

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.