SA's new scam: here's what to do if your WhatsApp account has been hijacked
- Fraudsters are hijacking WhatsApp accounts in South Africa, and using them to solicit money from people.
- The scam relies on first hijacking your phone number – and getting back control of the number is the fastest way to get back control of WhatsApp.
- Here's what else you can do, including dealing with two-step verification, emailing WhatsApp – and warning people in your WhatsApp groups.
- For more stories go to www.BusinessInsider.co.za.
South Africa has seen a rash of hijacked WhatsApp accounts in the past week, with scammers then impersonating their victims and asking for emergency money transfers from their friends.
The fraud usually relies on first hijacking a phone number by porting that number to a new network, and a new SIM card under control of the scammer. Unless a WhatsApp account is protected by two-factor verification, whoever receives SMSes controls WhatsApp for the associated phone number too.
Once they can impersonate victims via WhatsApp, scammers need only wait for an incoming message (either directly to the victim, or to any group to which the victim belongs) to obtain the phone numbers of acquaintances – and ask those people to send money via e-wallet services.
If you are a victim, the fastest way to halt the attack and get back control of your WhatsApp account is to get back control of your cellphone number. Here is everything else you can and should do.
If you can't get your number back fast, email WhatsApp.
WhatsApp offers a last-ditch way to deactivate your account via email. Send a mail to email@example.com, with this exact phrase in the subject and body of the mail: "Lost/Stolen: Please deactivate my account". Add your phone number in the body of the mail, in the international number format +27 XX XXX XXXX, and remember to drop the first zero in 083 or 082.
Once you have your number back, log in to WhatsApp – and log out web users.
Once you sign in to WhatsApp, anyone else using your number is logged out automatically, so log in as soon as you are receiving SMSes again.
But that won't necessarily stop an attacker from still impersonating you using the WhatsApp web interface. To prevent that, go to to settings in WhatsApp, select "WhatsApp Web", and click on "Log out from all devices".
If you are asked for a verification code you didn't set up, you'll have to wait a week.
WhatsApp allows you to create a six-digit PIN number to prevent account hijacking. If you don't activate that option, an attacker can do so while controlling your account – locking you out.
The bad news is that there is nothing you can do except wait. After a WhatsApp account has been inactive for 7 days it become possible to log in without a verification code. Your hijacker is kicked out before you are asked for that six-digit PIN number, which means neither of you can use the account, and it it will sit idle. A week later you – as the person who gets the SMSes – will win out.
Let your WhatsApp groups know they were compromised – and check for new members if you are an admin.
At attacker who hijacks your WhatsApp account has access to all the groups of which you are a member – and which you administer.
It's only polite to let people know that their conversations could have been spied on while your account was compromised, even if the discussion isn't secret or sensitive.
If you administer any groups, check for new members added by "you" while you were being impersonated, or a scammer could keep listening in.
Receive a daily update on your cellphone with all our latest news: click here.
Also from Business Insider South Africa:
- Gyms and fitness trainers will be government regulated – and can be shut down – under a new draft plan
- Discovery is abandoning Vitality rewards points this week - here’s what you need to know
- Why markets are oddly subdued after Iran's attack on US bases in Iraq: 'You call that a knife?'
- Sex workers are fundraising for Australia bushfire relief by selling nude photos online. They've raised hundreds of thousands, but not without consequences.
- 3 graphics reveal the unimaginable scale of Australia's fires