A malicious WhatsApp One Time Password (OTP) scam is making the rounds, and it has already targeted quite a number of people, including a high-profile activist.
The scam involves cybercriminals posing as a friend or fellow citizen who “accidentally” send a 6-digit OTP code to the victim’s phone number. The hackers then proceed to ask the victim to forward the OTP to them so that they can complete an urgent financial transaction. They usually incorporate a made-up story to gain the victim’s sympathy, like having to pay for an emergency hospital bill.
Of course, once the victim falls for the trap, the hackers take over their WhatsApp account on the web and access their phone numbers and photos.
Moral of the story so far: never share an OTP with anyone. And it would be best to treat every WhatsApp message from an unknown source with caution.
Among the people who have already been targeted by this scam is Pakistani politician and civil rights activist Jibran Nasir. He took to Twitter to share his experience and warn his followers about the scam.
My WhatsApp got hacked today and I don’t have access to it anymore. Few of friends of mine have reported same issue. Please beware of any strange message asking for a code even if sent by a known contact. Friends don’t accept any message from my WhatsApp a hacker is using it now.
— M. Jibran Nasir (@MJibranNasir) November 27, 2020
How i got hacked: Got a msg on whatsapp from my cousin’s number to send him a code as he mistakenly gave my number. Checked my SMS & saw I received a code from a number which has sent me notifications of diff apps in past. Thinking its genuine I sent code to my cousin got hacked
— M. Jibran Nasir (@MJibranNasir) November 27, 2020
This is one of those scams that further underscores the importance of relying on two-factor authentication to safeguard your account details from malicious individuals. As an optional security measure, two-factor authentication essentially requires a pre-assigned six-digit passcode to verify a user’s phone number on WhatsApp.
