2 min read

Received a WhatsApp verification code without requesting it? Beware – you might be about to have your account stolen

Graham CLULEY

June 30, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Received a WhatsApp verification code without requesting it? Beware – you might be about to have your account stolen

Police in the UK are warning WhatsApp users of a surge they have seen in attempts made by fraudsters to steal accounts.

In a tweet posted by Southwark Police in South London, for instance, officers warn that scammers are stealing accounts by tricking WhatsApp users to share verification codes they are sent via SMS.

The scam works like this. Whenever someone tries to register a WhatsApp account on a mobile phone they give WhatsApp a phone number. WhatsApp sends an SMS verification code to the mobile phone number they have been given, to verify that the number is active and that the user trying to register the account really owns the number.

However, a fraudster might contact a WhatsApp user – perhaps pretending to be WhatsApp customer support – and ask them to forward the six-digit verification code that has just been- or is about to be – received on the mobile phone.

Of course, you haven’t requested a verification code. Instead, a scammer has entered your phone number and requested a registration code – in an attempt to hijack your account.

On its website, WhatsApp warns that keeping your verification code secret is an essential part of securing your account:

You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.

Of course, if someone does manage to seize control of your WhatsApp account they will then be able to see any future messages you receive, and pretend to be you.

WhatsApp says that for this reason you should never share your verification code with anyone, even if they are friends or family.

“If you suspect someone else is using your WhatsApp account, you should notify family and friends as this individual could impersonate you in chats and groups. Please note, WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can’t read your past conversations.”

For a higher level of security on WhatsApp, you are advised to not only never share your six-digital registration code, but also enable two-step verification, restrict who can view your profile photo, and be cautious about transferring money with contacts unless you have confirmed their identity.

WhatsApp offers further advice on how to recover your account if it has been stolen from you, and recommends that you log out of all computers from your phone if you still believe someone might be using your account via WhatsApp Web/Desktop.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Versailles hospital cancels operations after ransomware attack compromises computer systems Versailles hospital cancels operations after ransomware attack compromises computer systems
Alina BÎZGĂ

December 06, 2022

1 min read
Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware
Vlad CONSTANTINESCU

December 06, 2022

2 min read
SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison
Vlad CONSTANTINESCU

December 05, 2022

1 min read