Fraudsters are now relying on number porting to scam WhatsApp users.
According to Business Insider, South African cellphone numbers are being hijacked by fraudsters through a process called number porting. The fraudsters aren’t doing this to access your online banking services, they simply ask your WhatsApp contacts to send them money.
Here’s how the scam works:
First, they take control of the victim’s phone number by porting the number to a new service provider, with a new sim card. This gives them control over the victim’s existing account, allowing them to receive confirmatory SMSs from WhatsApp.
They then impersonate the victim and wait for incoming messages to be sent privately or in groups. This gives the hijacker access to the victim’s friends, family and acquaintances’ numbers, allowing them to ask for money. All they ask is for the contact to send money through FNB E-wallet services. This way they receive the code and they can withdraw the money immediately.
Prevention is better than cure, right?
To prevent this from happening, you’ll have to protect your WhatsApp account by Two-Step Verification:
- Go to your WhatsApp settings
- Choose the Account option
- Choose Two-Step verification
It allows you to enter a 6-digit PIN that would protect your WhatsApp from being used by other devices.
If you don’t activate this option, it gives the hijacker the opportunity to do it, locking you out of WhatsApp.
The best-case scenario:
As soon as someone successfully ports your number, you will be unable to use your sim card, this is your first alert to being scammed. You will need to contact your service provider immediately. Once your service provider has successfully assisted with getting your number back on a new sim card, you can log into your WhatsApp, the hijacker will be kicked out and you can activate Two-Step Verification.
- Send WhatsApp an email to deactivate your account to firstname.lastname@example.org with exactly this phrase in the subject: “Lost/Stolen: Please deactivate my account” and in the body add your phone number in international format, e.g +27 XX XXX XXXX.
- Once you have access to your WhatsApp again, log into your account immediately because then the other devices are automatically logged out. Also go to “WhatsApp Web” and click “Log out all devices”.
- Alert all your WhatsApp groups that you have been compromised and check if there are any new members in the groups (just to make sure the hijacker has no access to your contacts’ numbers or your chats).
More reason to take this security tip:
It takes one minute, sometimes less for someone to take your device and duplicate your WhatsApp on their device using the same QR Code you use to login to WhatsApp web. Two-Step Verification can prevent this. It is advisable to go to the WhatsApp web option in your settings every now and then to log out of unknown active devices.
Nou ja toe, gan activate maa dai Two-Step Verification code, net om safe te wies.