Reports of WhatsApp One Time Password (OTP) scam are making rounds. Cybercriminals pose as a friend or fellow citizen who “accident” sends a 6-digit OTP code to the wrong phone number (yours).
The hackers ask the victim to forward OTP to them so they can complete an urgent money transaction; to capture your attention the criminals will give a solid excuse like they have to pay an emergency hospital bill.
Red alert: major WhatsApp hack going around. Dozens of friends/family hacked. Simple MO, you get this urgent WA msg from a friend, asking to share a code sent to you by SMS. Then they take over your WA and send the phishing msg to your contacts.— PKR | প্রশান্ত | پرشانتو (@prasanto) November 19, 2020
NEVER SHARE AN OTP WITH ANYONE pic.twitter.com/kdCkmTA21N
Once you have fallen prey to this scam, hackers will take over your WhatsApp account on the web and access phone numbers and photos.
Jibran Nasir, a Pakistani politician, and civil rights activist was also a target of this scam, he revealed on Twitter.
My WhatsApp got hacked today and I don't have access to it anymore. Few of friends of mine have reported same issue. Please beware of any strange message asking for a code even if sent by a known contact. Friends don't accept any message from my WhatsApp a hacker is using it now.— M. Jibran Nasir (@MJibranNasir) November 27, 2020
How i got hacked: Got a msg on whatsapp from my cousin's number to send him a code as he mistakenly gave my number. Checked my SMS & saw I received a code from a number which has sent me notifications of diff apps in past. Thinking its genuine I sent code to my cousin got hacked— M. Jibran Nasir (@MJibranNasir) November 27, 2020
Cyber experts have long stressed the importance of setting up two-factor authentication to safeguard from hackers taking over your account. The two-factor authentication is an optional security measure that would require a pre-assigned six-digit passcode to verify a user’s phone number on WhatsApp.
To safeguard yourself mobil phone users should avoid sharing OTP with anybody via SMS or on a phone call.