Using WhatsApp? New hijacking scam to be aware of

Edward G. | February 6, 2020

WhatsApp has encountered a difficult 2019 on the security front. Facebook-owned messaging platform disclosed 12 security flaws, including 7 classified as “critical”, according to the US National Vulnerabilities Database. Now there’s another WhatsApp hijacking scam doing the rounds.

Learning from Jeff Bezos

Along with the multiple vulnerabilities discovered in 2019, WhatsApp users suffered from hacks and spyware attacks. The latest WhatsApp attack is currently under the investigation by FBI - Amazon CEO Jeff Bezos’ phone was reportedly hacked with a malicious video file sent from Saudi Arabia Prince. The story is a quick lesson in cybersecurity. Not even the richest man in the world is safe from a simple cyber-attack.

Luckily, WhatsApp takes immediate action when it comes to fixing their software vulnerabilities. But this time, the attack has something to do with our susceptibility to social engineering, rather than the platform’s integrity.

New social hacking scheme to beware of

There is a new social-engineering hack that fraudsters reportedly gain control of the victims’ WhatsApp, according to Forbes contributor Zak Doffman. Such scam is surprisingly simple to execute but just as easy to prevent from happening.

Attackers gained access to Zak’s friend’s WhatsApp account and captured the phone numbers of her contacts. Some of the contacts - including Zak, received a message asking to send her a six-digit code and help verify her account. Who wouldn’t give a trusted friend a hand, right?

By receiving a verification code, the attacker could gain full access to a friend’s WhatsApp and progress the scam another turn. In such a hijacking scheme, legacy data is not compromised. The device remains untouched - everything happens within the architecture level of WhatsApp. Fortunately, Zak’s friend noticed the unusual activity before the fraudsters hit and immediately warned her friends not to open any messages sent from her.

Social media flooded with WhatsApp users claiming that scammers have targeted their contacts. The number of harassed people seems to be only rising. WhatsApp users report about their accounts being stolen by number porting. Once a fraudster gains access to the victim’s WhatsApp, the contacts receive a message from one of their beloved friends to lend money under the guise of an emergency. Again, social engineering at its best.

Here’s how to stay safe

Two-Step Verification is what can save your precious WhatsApp’s account. This is different from a regular six-digit SMS code. Even if you do send it to an attacker, they would still need to know your PIN to break into the account. You will take less than a minute to set an additional layer of security to your account.

Another effective way to blow the scammers away is to use a VPN. You should limit your personal information online as much as you can. Many scams start with bad actors gathering sensitive data about you so they could use it to their advantage later on. Atlas VPN is a great tool to reduce your online footprint. Mask your identity so no hacker could intercept your communications. With Atlas VPN’s SafeBrowse feature, secure yourself from visiting malicious scammers’ websites.

Edward G.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.



© 2023 Atlas VPN. All rights reserved.