The Cyber Security Authority (CSA) is cautioning the general public to refrain from sharing their WhatsApp verification code with anyone, which can lead to unauthorised access and account takeover.
The authority says it has noticed a surge in the number of WhatsApp account takeovers.
As of the end of April 2024, the authority has recorded 187 cases of account takeovers, the number, according to CSA, is equal to the total number of cases recorded in 2023.
The authority, in a statement issued on Monday, May 27, said, “The Cyber Security Authority (CSA) has noticed increased incidents of individuals falling victim to social engineering and sharing their WhatsApp verification codes with malicious actors, leading to unauthorised access and account takeover.”
“One hundred and eighty-seven (187) reports have been recorded as of April 2024, equalling what was recorded for the entire year of 2023,” it revealed.
According to CSA, malicious actors disguise themselves as familiar contacts or authoritative figures, typically as administrators of groups the eventual victim is part of.
Furthermore, they craft persuasive messages to lure their targets to disclose their verification code.
The authority said these malicious actors notify victims through text messages about an ongoing upgrade on their group platforms and request the victim to share the code that will be sent to them.
READ ALSO:
Also, perpetrators call the victims directly to inform them that a security code has been sent to prevent their account from being hacked and to request that the victim share that code.
The malicious actors then impersonate the victims and defraud their contacts.
“In some cases, the malicious actors perpetrate Subscriber Identity Module (SIM) Swap fraud wherein, they impersonate the eventual victim to a mobile network operator and acquire a new SIM card.
“The victim loses the ability to communicate altogether, while the malicious actors potentially also gain access to one-time passwords (OTP) and mobile wallets.”
The Cyber Security Authority recommended that people refrain from sharing their WhatsApp code with anyone, saying, “Treat your verification code like a password; share it with no one.”
Additionally, the authority urged users to enable two-step verification to “add an extra layer of security” to their WhatsApp accounts.
“To enable it, go to WhatsApp > Settings > Account > Two-step verification > Enable. This will prompt you to create a six-digit Personal Identification Number (PIN) that will be required periodically and whenever you register your phone number with WhatsApp again. Keep this PIN confidential.”
Below is the statement from CSA
