WhatsApp Misuse: How Cyber Fraudsters Are Increasingly Exploiting WhatsApp Users through Social Engineering Technique

Oluwatobi Afolabi
Published in DIGISS LLC
Jan 22, 2021

I’ve got a long-standing history with Nigerian scammers, not that I have fallen prey to any of their devious social engineering schemes, but for some strange reason, lots of people around me have. Recent activities in the Nigerian cyber threat landscape indicate that Internet fraudsters, otherwise known as “yahoo boys”, have turned their attention to the local market and are targeting vulnerable, “cyber unaware” individuals. Unsurprisingly, the most commonly used instant messaging platform in Nigeria, WhatsApp, has become their new hunting ground.

Although technically under-equipped, Nigerian cyber fraudsters have mastered the fine art and science of deception, which makes them a force to be reckoned with. The approach adopted by most of them varies with their target, and in this case, individuals looking for cheap internet plans at the best value for money are getting pwned by scammers on WhatsApp. In a ploy to hijack your account and extract a fee, the scammer advertises internet plans at an irresistible bargain price via a WhatsApp group or broadcast message, then patiently waits for a victim to engage with the advert.

Once an unsuspecting victim places a request to purchase an internet plan, the scammer demands payment for his service. On receiving cash, the scammer pounces and attempts to log into the victim’s WhatsApp account by requesting an “SMS verification code” supposedly required to complete the registration process for an internet plan. The unsuspecting victim, unaware that this “SMS verification code” is the six-digit PIN required when logging into WhatsApp on a new device, willingly surrenders it to the scammer, who hijacks the account and locks the victim out by enabling two-step verification on WhatsApp.

This technique has been proven to be quite effective. For instance, once a scammer compromises someone’s account and assumes their identity, it is quite easy to exploit the trust between the victim and their loved ones. It’s no surprise that some of the most effective cyber-attacks today (e.g., business email compromise) are based on impersonation.

Fortunately, there’s a way out. Refer to the simple guide below to learn how to defend your digital identity against this type of fraud.

Maintain zero trust, especially with verification codes

Do not disclose your six-digit WhatsApp SMS verification code to anyone you don’t trust.

Enable two-step verification immediately

One effective security control against identity thieves is enabling two-step verification on WhatsApp. This provides an extra layer of defense by requesting a six-digit PIN that you created each time there is an attempt to verify your phone number on WhatsApp.

To set up two-step verification, simply launch WhatsApp, and locate the Settings option under the upper right kebab menu.

On the “Settings” page, select “Account” > “Two-step verification” > Enable.

Finally, the app will prompt you to create a six-digit PIN for verification and optionally supply a valid email address in case you forget your six-digit PIN. If you’re a WhatsApp user, to better secure your account, don’t hesitate to enable this feature and share this article with your friends.

Oluwatobi Afolabi
DIGISS LLC

Cyber Security Engineer. Man of many hats. Anime lover. Python noob. I enjoy studying red team ops and popping shells on HTB in my free time.