Australians have been told to be vigilant against WhatsApp scammers taking advantage of users’ tendencies to not change default PIN codes.
The Australian government agency, Stay Smart Online, sounded the alarm today about the scam, which could give hackers access to your private WhatsApp messages and lock you out.
The secure messaging app can be used for one-on-one conversations or for small groups, making it a popular communication platform for many businesses.
How does the scam work?
Hackers can access your WhatsApp account by taking advantage of the fact that lots of Australians don’t change the default PIN code on their phones’ voicemail accounts.
The hacker will install WhatsApp on their phone by using their victim’s legitimate phone number. They’ll generally do this late at night while the user is asleep and not using their phone.
Then, WhatsApp will attempt to verify the login by sending a verification code by text to the victim’s phone. The hacker doesn’t have access to this, so the WhatsApp service will ask the user to perform a ‘voice verification’ in which WhatsApp calls the victim’s phone and speaks the code out loud.
Since the target is asleep, the message is left as a voicemail.
Then, as most mobile service providers allow remote access to voicemail by calling a generic number and entering a PIN code, the hacker can access the WhatsApp code by calling the generic number and entering the victim’s four-digit PIN.
As most Australians don’t change this when they set up their phone, this PIN is often a simple combination like 1234 or 0000.
The hacker can now listen to the pre-recorded voicemail, hear the verification code and gain access to your WhatsApp account on their own phone.
What can I do?
Changing the voicemail PIN from its default is a good idea. This can be done by accessing user options on your voicemail service or by calling your phone service provider.
Security-conscious users can also set up two-factor authentication on their WhatsApp account through the communications app.