This article doesn’t belong here. It’s not the type of article that iAfrikan lets through the cracks. The scam explained here is so obvious that no techie, touch wood, would fall for it. However, I’m posting this in hope that you’ll warn family and friends who may not know much about WhatsApp beyond sending and receiving messages. This scam is so obvious that a Google search didn’t reveal a single post about it.
The common WhatsApp scams involve a Wangiri element or unsuspectingly subscribing to an unwanted costly service.
I felt the need to share the details of this scam because in the past week it hit twice within my radar range.
To pull this off, the scammer doesn't need any complicated software or hacking. The scam depends on the victims' sympathy and to a large extent cyber-illiteracy. Yes, it's plural - This scam needs more than one victim for it to have any value.
From somewhere in Fraudville, the scammer initiates a new login to WhatsApp using the target victim’s phone number.
As per WhatsApp login procedure, an SMS is sent with a login verification code to the target victim.
The scammer calls the victim to convince them that an SMS was sent to the victim by mistake. The scammer explains that it's a case of emergency and that the SMS should have been sent to them instead of the victim. This is of course backed by a well thought-out "mishap".
A non-techie can easily sympathise and follow the scammer's instruction to forward the message. Bear with me. Imagine being tech-illiterate; you receive a strange SMS from a strange and abnormally long phone number; Someone immediately calls you in relation to that SMS explaining that receiving that once-off SMS is a matter of life or death for them.
On receiving the forwarded SMS, the Scammer uses the code to login to WhatsApp, at which point WhatsApp locks the victim out of their own account and the Scammer gains full control.
The scammer waits for any of the victim's contacts to start chatting. The scammer then requests the victim's contacts for favours such as depositing money into certain accounts to save a distressed friend. Second victim closed!
In a case I had to help remedy, the scammer (under the guise of victim1) told victim2 that they had been unlawfully arrested and needed bail money. Fortunately, victim1 is known to not use instant messaging shorthand, so the friends were quick to pick up that they were chatting to a sock puppet. Overall little harm was done, however such power over one's account can result in serious damage in a short space of time.
On discovering the incident, I advised the victim to uninstall WhatsApp, reboot, reinstall WhatsApp and login with a new code to reclaim the WhatsApp account.
We were a bit late though. Seeing that his bail story wasn't flying, the scammer decided to broadcast messages to so many phone numbers that WhatsApp suspected fraudulent behaviour and banned the account for a few hours.
Where is the support line?
What bothered me during my intervention is that WhatsApp has no easily accessible channel to report suspicious behaviour or similar incidents so that damage can be minimized early enough.
In this case the victim was locked out of their own account and heard from friends through other channels that their account was being used to scam others. Not everyone has a tech-literate contact to advise them to reinstall or request a new access code to reclaim the account. Not many people have read WhatsApp's FAQ section either. Shouldn't there be some channel to temporarily freeze a compromised account while remedy is found?
Cover Image - Apollo 11 | Purple Slog