More than a billion people use the WhatsApp mobile messaging app that helps you send text messages, photographs, videos and audio.  Due to its extreme popularity, it is not surprising that WhatsApp has become an attractive platform for scammers. I have reported to you for years about the various scams targeting WhatsApp users.  The reports in the news recently pertaining to the hacking of Amazon founder Jeff Bezos’ phone are attributing the hacking to exploited vulnerabilities with his WhatsApp account.  However, a more common WhatsApp scam that is happening frequently now involves social engineering used to hack your account and then use your account to scam other people.  The scam starts when you receive a message through WhatsApp that appears to come from a friend of yours. The message from your trusted friend tells you that you are about to receive a text message and requests that you send that message back to your friend.  The truth is that the message you received through WhatsApp is from an account taken over by a hacker who is looking to take over your account.  The text message that you are sent on your phone is actually a dual factor authentication code sent to you because the hacker is trying to take over your WhatsApp account and if you sent it to your “friend” as requested, you are actually turning over that code to a hacker who can then use it to take over your WhatsApp account in order to send out messages with malware or lure your WhatsApp friends into becoming victims of scams because they believe the messages sent by the hacker with malware and scams are coming from you.

TIPS

In 2017 WhatsApp added dual factor authentication capabilities and you should use this if you are a WhatsApp users.  Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts.  Whenever you are able to use dual factor authentication for a particular website, account or app, you should take advantage of this.  Some dual factor authentication protocols do not require it to be used when you are accessing the account from the computer or smartphone that you usually use, but only if the request to access the account comes from a different device, which still provides security without even having to use the special code.  However, as indicated in the scam I referred to above, dual factor authentication is not foolproof.  Never estimate the power of a fool.  Fortunately, there is a way to protect yourself from this scam by setting up a PIN for your WhatsApp account so that even if someone got your dual factor authentication code, they could not access your account. You can set up a PIN by going to the Settings-Account section of the app.  Of course, you should also remember to never under any circumstances provide to anyone the dual factor authentication code sent to your phone.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”