12th Apr 2021

Beware of the very clever WhatsApp hack that is locking Irish users out of their accounts

Alan Loughnane

This one has been around for a little while, but a number of people across Ireland have been caught out recently.

WhatsApp scams are not a new thing by any means, but they continue to linger and catch out unsuspecting members of the public.

A JOE reader got in touch after being locked out of their account over the weekend by a scam which proceeded to catch out a number of their friends and relatives.

“I received the text yesterday from a good friend of mine on WhatsApp asking for their verification code, so it seemed very genuine and legitimate to me,” the man, who wished to remain anonymous, said.

“I didn’t take too much notice and sent the code not thinking. I then received a weird voicemail and phone call from an odd number.

“Within about 30 minutes of sending the code, I was locked out of my WhatsApp account.”

While he eventually regained control of his account, a number of his relatives were caught out by the scam as well. No major harm was done but the hack was a huge inconvenience that they’d have rather avoided.

How the hack works

To understand the scam, you first need to know how a WhatsApp account is set up, or how you log in on a new device. After downloading the app, you enter your phone number and WhatsApp sends a one-time verification code by SMS to that number. Entering the code logs you into the account associated with the number you entered.

This proves that you have the number you entered and are not impersonating someone else. Once the correct code is entered, the phone starts to receive WhatsApp messages for that account.

How the hack starts

You will receive a text message from WhatsApp out of the blue giving you a WhatsApp code.

This will then be followed up by a message on WhatsApp from one of your contacts. The message – sent from your contact’s account – will say they sent their WhatsApp code to you by mistake and ask you to send it on to them because they need it.

However, when you send the code on to your “friend”, you’re actually sending it to the attacker and you’ll soon find yourself locked out of your account.

Why does this happen?

Because anyone can enter any phone number they wish when logging into WhatsApp, the hacker has entered your phone number on their own phone. Then, when the six-digit verification code arrives on your phone, they pose as someone you know and trust, using an account they have already hacked.

It’s easy to reply to a friend without too much thought, sending a screenshot of the message with a line like, “This what you’re looking for?”, before realising your error moments later.

The problem is, the scam causes somewhat of a domino effect, in that once the first person falls and access is given to their account, the messages being sent out are from their account to people they know. It all seems more legitimate when you receive a message from your friend rather than a typical random number attempting some phishing.

What can you do to stop it?

The number one step you can take is to not forward any codes you receive on your phone to others. If you receive a message from a contact asking you to forward them a code sent to your phone, ignore it.

Users can also set up Two-Step Verification, which can be accessed under Settings > Account from within the app. It allows users to create a six-digit PIN which must be entered on the app when trying to verify a phone number. It’s also a good idea to add an email for security, as some offshoots of the scam have seen hackers create fake emails to contact WhatsApp claiming their account has been locked.

Two-Step Verification will stop any account hijack, meaning attackers will not be able to gain access and control of your account.

However, by repeatedly entering your phone number and requesting verification codes, they may still be able to lock your account temporarily, even though they don’t have access to the account either. Therefore, if you begin to receive verification codes to your phone that you have not requested, you should contact WhatsApp Support.
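
The flow described above can be modelled in a few lines to show why a forwarded code is enough to lose an account, and why a Two-Step Verification PIN stops the takeover. This is an added illustration, not WhatsApp's code: the `VerificationService` class, the `simulate` function, the phone number and the PIN are all constructed for the example, and the model only follows the steps the article describes.

```python
import secrets

class VerificationService:
    """Toy model of SMS-code registration (hypothetical, not WhatsApp's implementation)."""

    def __init__(self):
        self.pending = {}    # phone number -> code most recently sent by SMS
        self.pins = {}       # phone number -> Two-Step Verification PIN
        self.owner = {}      # phone number -> device currently receiving messages
        self.sms_inbox = {}  # phone number -> codes delivered to that SIM

    def request_code(self, number):
        # Anyone can type any number; the code always goes to the SIM that owns it.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[number] = code
        self.sms_inbox.setdefault(number, []).append(code)

    def set_pin(self, number, device, pin):
        if self.owner.get(number) != device:
            raise PermissionError("only the registered device can set a PIN")
        self.pins[number] = pin

    def register(self, number, device, code, pin=None):
        expected = self.pending.get(number)
        if expected is None or not secrets.compare_digest(code, expected):
            return "bad code"
        # With Two-Step Verification on, the SMS code alone is not sufficient.
        stored = self.pins.get(number)
        if stored is not None and (pin is None or not secrets.compare_digest(pin, stored)):
            return "pin required"
        del self.pending[number]
        self.owner[number] = device
        return "registered"

def simulate(victim_uses_pin):
    svc = VerificationService()
    number = "+353-000-CONSTRUCTED"  # constructed sample number
    svc.request_code(number)
    svc.register(number, "victim-phone", svc.sms_inbox[number][-1])
    if victim_uses_pin:
        svc.set_pin(number, "victim-phone", "246810")  # constructed PIN
    # The scammer enters the victim's number on their own phone ...
    svc.request_code(number)
    # ... and the victim forwards the code to the hacked "friend" account.
    forwarded = svc.sms_inbox[number][-1]
    result = svc.register(number, "attacker-phone", forwarded)
    return result, svc.owner[number]
```

Calling `simulate(False)` ends with the number registered to the second device, while `simulate(True)` leaves it with the original phone because the forwarded code is rejected without the PIN.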