Recently, the users of Facebook-owned WhatsApp have been saying that their accounts had been stolen or hacked, but contrary to their claims, WABetainfo said that they had simply “given away their account”.
The platform, explaining the details, said that to sign in to your account, you need an active SIM card, where you can receive SMS or calls, so WhatsApp can send a verification code, also called a 6-digit code.
According to WABetainfo, the six-digit code is like a password, it’s secret and it must not be shared: in fact, you don’t share the password of your other social media platforms — Facebook, Instagram, Twitter — because you know it’s something private and must not be shared with others.
Imagine this message from a friend or any family member: “Hey! I had to receive an SMS code from WhatsApp but my phone is unable to receive SMS right now, so I’ve indicated your phone number: can you tell me the code you received?”
WABetainfo said that someone might think that it’s safe to share the six-digit code as the person asking is someone they trust. However, this is the biggest mistake a WhatsApp user could make as the other person will hack their account after receiving the intended information.
“He in turn got his account stolen and you’re the new victim: it becomes a big chain. But how did he reach you, if chats are end-to-end encrypted?”
The platform, explaining how the account can get taken over, said that it is possible that the new victim was in the same group as the previous one, and the thief chose them — and probably many other members too — from the group participants list.
“Some people create fake accounts using virtual phone numbers, that aren’t authorised to use the WhatsApp service, and they create a false story to convince you to share your 6-digit code,” it said.
Here are some of the messages:
“Your WhatsApp account will expire in 2 days. You need to renew it by sending the code we sent via SMS.”
“The WhatsApp Team needs to know if you’re really a human: send the 6-digit code in this chat you just received via SMS.”
“[WHATSAPP]: we have detected unusual activity in your account. Please confirm your identity with the verification code.”
The platform reminded WhatsApp users that people could make up stories and convince them to share the verification code; however, users must know that “nobody will ask for your 6-digit code on WhatsApp, neither WhatsApp: it is like a password, and passwords must not be shared”.
“WhatsApp will never ask for any private information. If you receive any message from a WhatsApp chat without the green verification badge, it’s fake,” it said.