Large community and religious groups are being targeted by scammers who are stealing access to their WhatsApp accounts, with Action Fraud confirming it has received 268 reports since January this year.
The scam begins when a criminal gains control of a WhatsApp account belonging to someone who is part of the same WhatsApp group. The criminal will then contact that person, posing as a member of that group, often via a one-time WhatsApp audio call, with the intention of building trust in order to perpetrate the scam. Often the scammers will change their profile picture and display name, so at first glance it would appear to be a member of the group.
During the phone call, the scammer will say they are sending a six-digit code which will allow them to join an upcoming video call for the group's members.
In reality, the code is a six digit two-factor authentication (2FA) code for their own WhatsApp account, and if the code is shared, the criminal can log in to the account and lock the victim out.
The criminals will then repeat this tactic with other WhatsApp contacts in an effort to steal access to more accounts. Once they have access, they have been known to message friends and family in the victim's contact list asking for them to urgently transfer them money.
Detective Chief Superintendent Ollie Shaw, Head of the National Fraud Intelligence Bureau (NFIB), said:
“WhatsApp continues to be a popular platform for fraudsters, even more so with community and religious groups. Here, scammers rely on the goodwill of people and their intrinsic nature of wanting to help like-minded people, either in the local community or from the same church or place of worship.
“We urge people to always be wary of being contacted via WhatsApp, or any other messaging platform, and being asked to provide information - despite the fact that you may recognise the individual's profile picture and/or name.
“Never share your account information with anyone and if you think it is spam, report the message and block the sender within WhatsApp. To make your account secure, we'd advise setting up two-step verification to give an extra layer of protection.”
Analysis of Action Fraud reports indicate that victims targeted in this scam were often part of large local community or religious WhatsApp groups, such as church-goers or prayer groups. Here they were preyed upon due to the very nature of the groups - often people asking for help and guidance and leaning on the community spirit of wanting to help others.
What can you do to avoid being a victim?
- Never share your account's two-factor authentication (2FA) code (that's the six digit code you receive via SMS).
- Set up two-step verification to give an extra layer of protection to your account.
Tap Settings> Account>Two-step verification> Enable.
- THINK. CALL. If a family member or friend makes an unusual request on WhatsApp, always call the person not via WhatsApp, and ideally via a videocall, to confirm their identity.
- You can report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report' and then follow the instructions.
If you have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.