Beware of WhatsApp OTP Scam!



WhatsApp is currently one of the world’s most popular multiplatform messaging apps. This wide usage has also made it a target for hackers who try to break into your account.

What is this scam about?

This scam is about taking over your WhatsApp account. The way it works is this:

1. The hacker enters your WhatsApp number on another device (say device H).
2. Since WhatsApp is already installed on your device (say device Y), you will get an OTP from WhatsApp on device Y. This OTP is always needed to set up the WhatsApp account on a new device.
3. The hacker sends you a message claiming to be your friend. In order to grab your attention, the hacker describes some kind of emergency, like a medical emergency or an accident.
4. After assuring you that he is your friend, the hacker will ask for the OTP that you received from WhatsApp; he will tell you that it has been accidentally forwarded to your phone. Remember, this OTP was not forwarded from the hacker’s phone; it was sent by WhatsApp as part of their security process.
5. The moment you share the OTP with the hacker, he will use that OTP to set up the WhatsApp account on his device (device H), and since WhatsApp can only run on one device at a time, you will be locked out of your WhatsApp account on device Y.
6. The hacker will have full access to your messages, contacts and groups. He can now use your WhatsApp account for illegal activities since you are locked out of your own account.
7. The hacker may also request monetary help from your other friends or relatives.
8. Once this has started, he will target your other friends and relatives and repeat the process, thereby multiplying the problem manyfold.

How To Stay Safe?

The rule is very simple – Never share your OTP or personal information with anyone.

What to do if you are Affected?

If your WhatsApp account has been affected by hackers, immediately reset your WhatsApp and log in again. You will have to enter your registered number, and then you will receive an OTP.

Log in to WhatsApp on your device using this OTP. This will lock the hacker out of any other device they are using with your number.

WhatsApp Security

Every WhatsApp account is protected, but if you lose access to your WhatsApp account, follow the instructions given below to recover it.

  1. If someone else is using your WhatsApp account (or if you suspect someone else is doing so), immediately inform your family and friends as this individual could impersonate you in chats and groups. Since WhatsApp is end-to-end encrypted, messages are stored on your device, so someone accessing your account on another device can’t read your past conversations. But that person could have access to new chat messages.
  2. Every WhatsApp account has a 6-digit registration code; never share this code with others.
  3. Enable 2-step verification.
  4. As with everything else online, never share your personal information with others.
  5. Be cautious if you receive calls or messages from unknown people.

How Severe is the risk?

Many banks, financial institutions and mutual funds now use the WhatsApp platform for balance enquiries and transactions. You must evaluate the risk before you hop on to the WhatsApp bandwagon for financial transactions. How essential is it for you to have banking on WhatsApp? If you travel a lot, especially by public transport, have you evaluated the risk of the mobile device being stolen? What about the financial consequences? Just as you carry a limited amount of cash when you go out, put only a small amount of money in your e-wallet, and keep only one e-wallet that is widely accepted. By installing all your bank apps and linking your WhatsApp account with your bank accounts, you are only increasing the risk. That risk is not worth the ‘convenience’ that is promised to us by banks when they ask us to use their mobile platforms.

What methods do you use to stay safe when using online banking and mobile banking? Share your ideas and experiences here. Stay safe.


