In recent weeks, if you are a WhatsApp user in Hong Kong, you might receive the following message from friend:
Hello Sorry, I sent you a 6-digit SMS code by SMS by mistake. Can you pass it on to me? It is urgent
At the same time, a SMS message containing the code is sent to you by WhatsApp.
A friend in need is a friend indeed. It seems okay to give a helping hand to your chatmate. If you forward the verification code, your WhatsApp account will be jihacked.
It is actually a phishing scheme exploiting the security loophole of WhatsApp, the instant messaging app owned by Facebook. Scammers will have full access to the victims’ messages and contacts. The compromised WhatsApp accounts will be used to spread the spam in the name of your “friend”.
According to online research, such form of WhatsApp jihacking was first warned by the Macau Police in March 2019. The Civil Guard of Spain also reported the Spanish version of the spam in February 2020:
Hola, lo siento, te envié un código de 6 dígitos por SMS por error, ¿me lo puedes pasar, por favor? Es urgente
To recover the account, WhatsApp advises the following means:
- Sign into WhatsApp with your phone number and verify your phone number by entering the 6-digit code you receive via SMS. Once you enter the 6-digit SMS code, the individual using your account is automatically logged out.
- You might also be asked to provide a two-step verification code. If you don’t know this code, the individual using your account might have enabled two-step verification. You must wait 7 days before you can sign in without the two-step verification code. Regardless of whether you know this verification code, the other individual was logged out of your account once you entered the 6-digit SMS code.
Always be careful. Next, we continue to look at some of the personnel changes in the intelligence, investigation and consultancy industry. The information is obtained through our sources as well as research of…