All WhatsApp users should be on the lookout for a very convincing SCAM that’s making an unwanted return – the dreaded six-digit code text.
How it starts
The trick begins when you receive a message from what appears to be a real contact starting what appears to be a normal chat with you. Sometimes the profile picture will be exactly the same as the one you are used to and the message will appear to be from your friend/contact. Even the number from which it is being sent will probably appear to be the same.
At the same time, a six-digit code will suddenly appear on your device. DING DING DING THIS IS THE WARNING YOU NEED TO BE LOOKING FOR!
Six-Digits lead to Disaster
At this point, the “friend” will say that the code has been sent to your device in error and please could you forward it to them. DO NOT. Do not forward it, do not tell it to the person and, even if the person calls you or sends you a voice note and sounds just like your friend, DO NOT DO IT!
It’s almost certain that the friend messaging you has already been hacked and you will be next if the code is sent.
How it works
The scam works because WhatsApp won’t let a new device access an account unless it’s been verified via that randomly generated six-digit code. It’s these numbers the hackers need to access (AND LOCK YOU OUT OF) your own WhatsApp account.
If you do send this person the six-digit code they will enter this confirmation code on their device and then WhatsApp will believe that it’s a genuine attempt to log in to your account and will enable the chat on the hackers’ device. As far as your contacts are concerned, the online crooks are now you and can continue to send texts in your WhatsApp conversations, or group chats.
Using this method, criminals can then target your friends and family asking for money to be sent to various accounts. Users also often find themselves locked out of their own WhatsApp account for hours making it hard to warn people that they have been targeted.
How you can protect yourself
- SET UP TWO-STEP VERIFICATION to give an extra layer of protection to your account: Tap Settings > Account >Two-step verification > Enable. (Two-step verification (also known as Two Factor Authentication or 2FA is a crucial line of defence for ALL your digital accounts and should be activated on your email account especially).
- THINK. CALL. If a “family member” or “friend” makes an unusual request on WhatsApp, always call the person to confirm their identity. The fraudster will rarely have access to the actual phone number of the person, just the digital communication channel.
- STOP if you are in the slightest doubt that the message is odd, or out of character or if it is creating urgency for you to act STOP what you are doing and find a different way to speak to the contact – other than via WhatsApp.
NEVER, ever, EVER share your account’s activation code (that’s the six-digit code you receive via SMS) with anyone else – friend or foe.