UK watchdog raises alarm as crooks steal WhatsApp accounts

Action Fraud, the UK’s national cybercrime reporting center, urges users to add an extra layer of protection to WhatApp accounts.

The watchdog said it had recently received over 60 reports about a scam that led to the takeover of WhatsApp’s user accounts.

“The criminal, posing as your friend or someone that’s a member of a WhatsApp group you’re in, will then send you seemingly normal messages to try and start a conversation with you,” Action Fraud warned.

Around the same time, victims receive a text message from WhatsApp with a six-digit code, meaning a scammer is trying to log in to the app using the victim’s mobile number.

“The criminal will claim that they sent you their code by accident and ask you to help them by sending it to them. Once the criminal has this code, they can log in to your WhatsApp account and lock you out,” Action Fraud said.

It added: “The criminal will then use the same tactic with your WhatsApp contacts in an effort to steal more accounts and use them to perpetrate fraud.”

While 60 might not seem like a high number of complaints, everyone is at risk of such a malicious attempt.

Last November, a threat actor claimed they were selling an up-to-date database of nearly 500 million WhatsApp user mobile numbers. A data sample shared with Cybernews of nearly two thousand user numbers, more than half from the UK and the rest from the US, proved the claims to be likely true.

To prevent similar attacks, Action Fraud urged users to enable two-factor authentication (2FA). Upon receiving an unusual request, you should always call the person to confirm the identity. Never share your account’s activation code, and you might want to report spam messages or block a sender within WhatsApp.