Publications
Partners
In an era of heightened digital connectivity, the seemingly harmless WhatsApp verification code has become a potential gateway for scammers, resulting in identity theft and extortion.
The modus operandi is simple yet effective: hackers infiltrate unsuspecting users' accounts and leverage their compromised profiles to extort money from contacts.
Consumer journalist Wendy Knowler chatted with a doctor on CapeTalk in November who got locked out of his WhatsApp account after the hacker pretended to be a colleague asking for his ‘Zoom verification code’.
READ: Online shopping tips, Instax Pal and Nintendo Joburg store
The code was used to gain access to the WhatsApp account and message the doctor’s contacts, claiming he desperately needed R5 000. In this instance, the victim did not set up two-step verification on WhatsApp and was subsequently locked out of his account.
According to Naeem Mayet, digital strategist at Autostyle Motorsport, this scenario could happen to anyone, regardless of their level of education. On the WhatsApp community groups that Mayet is in, there were multiple cases where victims were either advocates, insurance brokers, or the elderly.
Mayet tried for weeks to assist an elderly man in his neighbourhood who had fallen victim to a similar scam after handing over a verification code sent to him.
He said:
“The problem is, whenever we try to sign into Bob’s (name changed) WhatsApp, it does not send an SMS as we hope. Instead, it pops up the OTP on the hacker’s WhatsApp screen,” explains Mayet. “The hacker obviously ignores it, and every hour, it says to try again in an hour.”
He added:
After a further back and forth on the circumstances, the automated reply said:
“Of course, it shows active, because the hacker is using the account,” says an exasperated Mayet.
An attempt to convert the WhatsApp account into a WhatsApp Business one was also unsuccessful after the app prompted Mayet to “contact support” when he entered an OTP.
Eventually, they requested a SIM swap, but didn’t do anything for seven days before signing in again. Fortunately, the hacker was logged out of the account and the owner finally regained control of his number with no financial disaster.
City Press reached out to Meta for comment about the verification scam, but the company said it refrained from commenting on individual scams and shared links from its help section.
In response to why the user did not receive an SMS OTP, it said:
Photos were supplied to prove that the SMS was not being delivered, however, Meta did not respond at the time of publishing.
READ: Review: Amazon-owned Ring introduces its Indoor Cam with privacy at its core
Brandon Muller, cybersecurity expert for the Middle East and Africa region at Kaspersky states that phishing in instant messenger apps is still one of the most popular tools among scammers.
He said:
To avoid this happening, WhatsApp users are urged to turn on a two-step verification or risk finding the very same feature meant to protect them being used against them.
Kaspersky advises against sharing any verification codes, no matter how nicely anyone pleads for assistance. “Sharing just one code could lock you out of almost your entire online existence,” continues Muller.
The company recommends tips, such as turning on two-factor authentication wherever possible, looking out for misspellings and other irregularities in links or chain schemes and being aware of messages as a result of marketplace and accommodation booking listings.
Users should be cautious about unsolicited requests, suspicious offers or urgent demands for personal and financial information, it said.
The company stresses that even if a message comes from a best friend, people should remember that their accounts could have been hacked. Also, be wary of links or attachments, it warned.
