WhatsApp remains one of the most popular social messaging platforms in the world. Since its acquisition by Facebook, the service has expanded to more users and now has over two billion users worldwide. The large user base comes with one big caveat: hackers keep trying to gain access to the platform.
It is important to note that hacking is not just restricted to WhatsApp alone. Every consumer service as well as business platforms are prone to hack. However, hackers manage to penetrate a service only when users leave gaps in how they use their device or the service itself. In the case of online services, it is better to be safe than sorry.
WhatsApp OTP scam: what is it?
In the case of WhatsApp, one of the easiest ways for hackers or scammers to get access to the service is via OTP (one-time password) messages. The fraudsters or nefarious actors have been using the OTP scam to gain access to WhatsApp for quite some time. There is a new threat that is becoming prominent right now.
This is possible because WhatsApp is linked to your mobile number and relies on OTP messages for setup. Whenever you try to set up WhatsApp on a new device, the first screen that comes up after installing the app is the mobile number. Once you enter the mobile number, you will get an OTP from the Facebook-owned messaging platform. The number authenticates the user and immediately allows them to use the platform.
This process is by design but also one that fraudsters try to exploit. If you are a WhatsApp user then you must know that the service does not send OTP unless you prompt it. So, if you don’t enter your number while setting up the app then you won’t get an OTP from the service.
However, hackers and scammers know that people are vulnerable to such exercise. They use social engineering to pretend as friends or family and will use platforms like SMS or Facebook Messenger to connect. These scammers usually claim that they have been logged out of their WhatsApp accounts and need your help to use the service once again.
Whenever you get such a message, you need to know that WhatsApp does not have an option for logout. When you uninstall the app, you will not get messages but as soon as you install the app again, you will get the messages once again. Now, hackers will claim that they are not getting OTP on their number and you will be receiving the OTP instead.
This is another flag to understand that you are communicating with a hacker or a fraudster. This conversation is usually followed by you getting an OTP message and the hacker will ask you to share it with them.
When you share this OTP, you will be logged out of WhatsApp and you will get a message that you cannot use WhatsApp on your current device. This is because the hacker entered your number, got the OTP and managed to set it up on another device. So, it is important to know that you will never receive OTP for someone else. It is impossible in the case of service like WhatsApp.
What to do if you lose WhatsApp access?
In case, a hacker manages to get your OTP and log in to their WhatsApp account, you can still gain access to it. In order to regain your WhatsApp account, reinstall WhatsApp on your device and enter your mobile number to get a one-time password. Enter the OTP and you will be able to regain access to the service.
This particular step will restrict the hacker from using the service with your number on their device. It is recommended that you never share OTP with anyone, whether they are friends or family and whether it is a banking account or a social media account.
WhatsApp OTP scam: how to avoid it?
- Never share your OTP with anyone
- WhatsApp will never send an OTP unless prompted by you
- WhatsApp will never send your friend’s OTP to you
- If a hacker pretends to be your friend or family asking for OTP, call them to verify
- Activate WhatsApp Two-step verification. Tap on three dots at the top right corner, click on Settings
- Select Account and then tap on Two-step verification
- Once two-step verification is enabled, even if someone tries to access your WhatsApp they will also need two-factor authentication code to really access the service