Sri Lanka is seeing a rise in WhatsApp account hacks, with cybercriminals using verification code manipulation to access accounts and defraud contacts.
In recent cases, users report receiving unexpected WhatsApp verification codes. Scammers then pose as friends or acquaintances, asking users to share the code, which allows the hackers to take control of the account.
A Colombo businessman recounted his experience: “I received a message from my friend’s wife, a trusted contact, asking how I was. After some small talk, she claimed she accidentally sent a code to me and needed it back. Assuming it was genuine, I shared the code. My WhatsApp was hacked immediately,” he explained. Once compromised, the scammers used his account to request small sums from his contacts, claiming financial distress. “A friend even contacted my wife to check if I was in trouble. Despite reinstalling WhatsApp several times, I couldn’t regain access for 72 hours,” he said, adding that he has since filed a police report and reached out to WhatsApp support.
Cybercrime experts outlined the hackers’ two-step strategy: “First, they access the user’s WhatsApp through the verification code, then request money from the user’s contacts.” Some victims report sending amounts between Rs. 50,000 and Rs. 100,000, believing they were helping a friend.
A retired officer shared a similar incident: “I received a call from a foreign number inviting me to a Zoom religious discussion. They sent a verification code, which I forwarded, and my WhatsApp was hacked soon after. Messages were sent to my contacts, asking for money,” he said, noting that some friends unknowingly transferred funds to a compromised bank account.
Cyber experts advise users to be cautious when receiving requests for verification codes, stressing, “Never share any OTP or code.” Victims should alert their contacts through social media if their accounts are hacked to help prevent further scams. With this scam on the rise, Sri Lankan authorities encourage users to enable two-step verification and stay vigilant when receiving messages involving verification codes.
Here are the most common ways hackers attempt to steal data, launch scams and ransomware, or spread malware on WhatsApp.
- Social Engineering – WhatsApp number hack
Social engineering is a method of manipulating people to extract sensitive information, such as passwords or verification codes. In the context of WhatsApp, hackers can register your number on their device and request a verification code to access your account.
How it works. Hackers register your number on the WhatsApp application by downloading the app to their phone, entering your telephone number, and getting the verification code to access the account. The verification code is sent to your phone, and then the hacker will try to trick you into handing over the code.
How to protect yourself. If you receive a text message with a WhatsApp verification code and one of your WhatsApp contacts immediately contacts you asking you to share it, don’t give it to them. Once you do, the hacker can use the code to access your WhatsApp account.
- WhatsApp Forward Call
“WhatsApp Forward Call” is a method hackers use to gain access to a victim’s account and all incoming calls.
How it works. You may receive a message, email, or phone call that tricks you into dialing a number with a Man Machine Interface (MMI) code. If you fall for the trick and make the call, your calls will automatically be forwarded to the attacker’s number. Once your calls are forwarded to their phone, the attacker can install WhatsApp, register your number, and request a verification code by phone call, which then rings on their phone instead of yours.
How to protect yourself. Avoid responding to messages or requests from unknown contacts. Also, avoid calling unknown numbers.
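As an added illustration (not part of the original article), the Python check below flags dial strings in a message that would switch on call forwarding if dialed. The service codes come from the standard GSM/3GPP MMI scheme (3GPP TS 22.030); the function name, sample messages, and phone numbers are constructed for this example.

```python
import re

# Call-forwarding service codes from the GSM/3GPP MMI scheme (3GPP TS 22.030).
FORWARDING_CODES = {
    "21": "unconditional forwarding",
    "61": "forwarding on no reply",
    "62": "forwarding when unreachable",
    "67": "forwarding when busy",
    "002": "all call forwarding",
    "004": "all conditional forwarding",
}

# '*' activates and '**' registers a service; both switch forwarding on.
# Prefixes that deactivate, erase or query ('#', '##', '*#') are not flagged.
MMI_RE = re.compile(r"(?<![*#])(\*{1,2})(\d{2,3})\*(\+?\d{6,15})(?:\*\d*)*#")


def find_forwarding_codes(message: str) -> list[dict]:
    """Return every dial string in `message` that would enable call forwarding."""
    # Scam texts often space out or hyphenate the digits, so compact them first.
    compact = re.sub(r"[\s\-()]", "", message)
    hits = []
    for match in MMI_RE.finditer(compact):
        _prefix, code, target = match.groups()
        if code in FORWARDING_CODES:
            hits.append({
                "dial_string": match.group(0),
                "effect": FORWARDING_CODES[code],
                "forwards_to": target,
            })
    return hits


if __name__ == "__main__":
    # Constructed sample messages; the numbers are placeholders.
    samples = [
        "Your parcel is on hold. To confirm delivery dial **21*0700000000# now.",
        "Dial *67* 070-000-0001 # to verify your account.",
        "Check your forwarding status with *#21#",
        "Your WhatsApp code is 123-456",
    ]
    for text in samples:
        print(find_forwarding_codes(text) or "no forwarding code", "<-", text)
```

A message filter or help-desk triage script can use the result to warn the recipient before the string is ever dialed.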
- WhatsApp Web hacking
Another popular method is hacking WhatsApp’s web version. To access and log in to WhatsApp Web, users have to scan a QR code that appears on the web browser service.
How it works. Hackers take the QR code from WhatsApp Web and place it on a malicious page. If you scan that fake QR code using WhatsApp, or sometimes even with your phone camera, they can steal your login credentials and use them to hack your account.
How to protect yourself. Check any QR code before scanning it. You can use Bitdefender Scamio to confirm whether a QR code is genuine.
- WhatsApp Spyware
Hackers can use spyware to access the victim’s WhatsApp account by installing it on their device.
How it works. The most common ways people unintentionally infect their phones with spyware are through malicious links, third-party apps, and email attachments they click and/or download. Once installed, the spyware can record the victim’s WhatsApp messages and send them to the hacker, who can gain access to messages, audio, statuses, photos, videos, and more.
How to protect yourself. Protect your phone with a mobile security solution that detects and blocks malicious texts, messages, and links, scans webpages and apps, and alerts you in case of danger. Regularly review the permissions of the apps on your phone and check for any suspicious apps you do not remember installing.
- WhatsApp Dark Web attacks
WhatsApp hacking tools and services are sold on the Dark Web, and so is personal information leaked in breaches, phone numbers included.
How it works. Fraudsters get all the information they need from the Dark Web and then get into WhatsApp accounts to get money from you or your family.
How to protect yourself. Check regularly whether your personal information is available online and take steps to minimize your digital footprint. Consider using a digital identity monitoring tool like Bitdefender Digital Identity Protection, which can alert you in real time when your personal information is on the public or Dark Web and help you take the necessary measures to reduce risks.
Source – newswire.lk & News1st