WhatsApp group chat members are being warned they could be targeted by criminals

WhatsApp group chat members are being warned they could be targeted by criminals, as Action Fraud reveals it has received 636 reports from victims of the messaging app this year.

This attack method is nothing new, but simple actions can be taken to reduce your chance of being a victim.

The fraud often begins when a member of the group receives a WhatsApp audio call from the fraudster, pretending or claiming to be another member of the group. This is done to gain the individual’s trust, and often the scammer will use a false profile picture and/or display name, so at first glance it would appear to be a genuine member of the group.

The fraudster will tell the victim they are sending them a one-time passcode which will allow them to join an upcoming video call for group members. The criminal then asks the victim to share this passcode with them so they can be “registered” for the video call.

In reality, the criminal is asking for a registration code to register the victim’s WhatsApp account to a new device so they can take over their account.

Once the fraudster has access to the victim’s WhatsApp account, they will enable two-step verification which makes it impossible for the victim to regain access their account. Other members of the group, or friends and family in the victim’s contacts, will then be messaged asking them to transfer money urgently as they are in desperate need of help.

Detective Superintendent Gary Miles, Head of the National Fraud Intelligence Bureau at the City of London Police, said:

“WhatsApp remains an integral mode of communication for many people across the UK, however fraudsters still find ways to infiltrate these platforms. Sadly, anyone can be become a target for fraud.

“With more than 630 reports already this year, we are urging users, and in particular those in big group chats on WhatsApp, to be on their guard and monitor who joins the chats.

“To keep yourself safe from fraud, never share your account details or any passcode or verification codes with anyone. If you think you are being targeted, report the message and block the sender within WhatsApp. To make your account more secure, we advise setting up two-step verification to provide an extra layer of protection.”

A WhatsApp spokesperson said:

 “All personal messages sent on WhatsApp are protected by end-to-end encryption, but we can all play a role in keeping our accounts safe.

“We recommend that all users set up two-step verification for added security and advise people never to share their six-digit PIN code with others, not even with friends or family.

“If you receive a suspicious message (even if you think you know who it’s from), calling or requesting a voice-note is the fastest and simplest way to check that someone is who they say they are.”

According to Action Fraud data, reports suggest the top three most frequently impacted group chat types are Islamic religious groups (63), Christian religious groups (56) and work chats (50)

What can you do to avoid being a victim?

  • Set up two-step verification (2SV) to give an extra layer of protection to your account.

Tap Settings > Account > Two-step verification > Enable.

  • CALL. If a family member or friend makes an unusual request on WhatsApp, always call the person outside of WhatsApp to confirm their identity.
  • Report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.

Reporting of Fraud / Cyber Crime

If you live in England, Wales and Northern Ireland and have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. (Note, not to your local Police Force / Service)

In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.

Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk

On a personal note, we in Cyber Protect deal with many victims of account takeovers of which the vast majority would have been prevented if the above steps had been taken.

Specific for individuals, families to further secure online accounts, privacy and how to recover “hacked accounts”, see this guidance by the NCSC (National Cyber Security Centre)

https://www.ncsc.gov.uk/section/information-for/individuals-families

With over 100 members any business in Dorset can join Dorchester Chamber from business for £60p/a (no VAT).