© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


How to secure your WhatsApp as user scams surge


Users of a popular messaging platform complain about a surge in spam texts following a leak of over 487 million WhatsApp user records.

“Someone definitely bought USA records and now they are messaging my friends and family asking for money - I didn’t click any links or share any PIN,” a Twitter user complained.

They refer to a recent post on a well-known dark web forum where a threat actor is selling nearly 500 million WhatsApp users’ phone numbers.

The threat actor told Cybernews the US user database with over 32 million records costs $7,000.

While we don’t know the origin of the dataset and have yet to hear from WhatsApp and its owner Meta, we know for sure that users whose numbers are out in public are in danger.

Threat actors could bombard them with spam messages, spoofing popular brands like DHL or Amazon that are often exploited during the holiday season, attempt to lure victims into cryptocurrency scams, or even make an attempt at account takeovers.

Surge of spam messages

Users report an increase in spam campaigns, where threat actors fake invoices. “This explains the calls saying an iPhone’s been charged to my Amazon account,” one tweet reads.

Low-tech scams are popular during the shopping season. Since there’s no malicious link involved, such a scam easily gets through defenses. Scammers either call you themselves or make you call them to, for example, cancel a purchase you didn’t make.

Once a victim dials the number, cybercriminals try to extract as much personal information as possible that is supposedly needed to cancel the order.

Users also report unwanted personal messages from scammers pretending to be, among others, doctors from the US, when, in fact, the phone number they are texting from indicates they are in Nigeria.

These sorts of personal messages are anything but harmless. Fraudsters look for their victims on dating apps and social media platforms or even send random texts masquerading as a wrong number.

They pretend to be looking for friends, and only after gaining victims' trust, make a seemingly innocent suggestion to earn money by investing in cryptocurrency. Just recently, US law enforcement authorized the seizure of seven domains used in a "pig butchering" scam where five victims lost $10 million.

There’ve also been attempts at account takeover. One Twitter user has been getting a notification from WhatsApp that someone is trying to register the account with a new device.

“It easily happens two to three times a week, and that's how it's been since September,” they complained. These messages had been flooding users even before the ad was posted on the dark web. With a massive dataset for sale, this will likely intensify. Luckily, this WhatsApp user has two-factor authentication (2FA) enabled, making it harder for attackers to penetrate the account.

Threat actors also impersonate well-known brands and famous figures to fool victims. For example, Binance CEO Changpeng Zhao’s followers reported getting random messages from someone posing as him. Zhao said attackers were impersonating him and urged them to block imposters.

Most likely, attackers impersonating Zhao would try to lure victims into some sort of cryptocurrency scam.

While there’s no way of telling whether someone has bought the dataset causing the surge in scam attempts, the examples above illustrate how dangerous it is to have your phone number out in the open.

How can I protect myself?

A private phone number that belongs to an individual, as opposed to government agencies’ and corporations' contacts, is considered to be personally identifiable information (PII).

Therefore, companies have a duty to protect the information you share with them. However, due to some security flaws or simple scraping that some companies turn a blind eye to, your data, like your email address or phone number, can get leaked. There are a couple of things you can do to make sure that your disclosed information will not benefit threat actors:

  • Do not answer calls and text messages from unknown numbers. Block anyone who raises suspicion.
  • Enable 2FA as soon as possible – head to WhatsApp Settings > Account and turn the feature on.
  • Check that your profile information is not publicly visible. Go to Settings > Privacy and choose who can see your profile picture, “about” information, and other account details. Make sure you share those only with a small group of people.
  • Don’t fall for scam support messages. We’ve noticed scammers offering their “help” by redirecting WhatsApp users to experts who allegedly can help get the hacked account back. The only way to recover a hacked account is by contacting official support.
