I Want Your Money!
If a complete stranger asks you for money, what do you do? If they compound their sob story with tales of incurable disease, dying grandmothers, starving children living rough, and all manner of heart-wrenching scenarios, are you still tempted to part with your hard-earned cash? Would you still be willing to part with your banking data, such as account number and other sensitive information? If an unknown person phoned your cell phone and asked you to tell them the six-digit verification number you had been sent by some other unknown sender, would you hand it over?
Too Good To Be True? It Probably Is
All these scenarios and more have happened to some of my friends and acquaintances recently and it’s quite hair-raising. In one example, a friend was sent a six-digit code, pretending to be from WhatsApp, he was then phoned by someone pretending to be from a local Ministry of Health saying that they needed to urgently update said friend with COVID information. My friend then foolishly handed over the code, his WhatsApp account then became blank and unusable and all his contacts began receiving begging messages asking for money – cancer, starving grannies, living rough, that kind of bull***t. To say he was mortified would be an understatement, so I quickly offered to assist and helped him put in an urgent WhatsApp support request. In the meantime, some of his friends made bank transfers to the criminal who had taken over my friend’s WhatsApp account (yes, I know) in the thousands of local currency which would make your hair stand on end. So I said to him, “Are your friends stupid or something?”
Fortunately, his account was restored the following day, but we’re not sure if that was because of the support ticket or if the scammer wasn’t getting enough money through his/her evil deed and decided to restore the account to its rightful owner.
In another similar incident, although the other friend in question didn’t lose his WhatsApp account, many of his phone contacts made bank transfers to the criminal for quite staggering amounts of money. People who you would normally associate with cautious living, shall we say.
Two-Factor Authorisation
Since these incidents, I’ve now implemented 2FA on my WhatsApp account which means that every time I use the app I need to enter a six-figure PIN. I’ve already written about these scams in Beware Of The WhatsApp Scam! back in February 2023, but it’s still a problem. I also realise that WhatsApp is not quite as popular in the USA because most people use SMS messaging, but perhaps the same scams exist in that universe.
I regularly receive security messages from the official WhatsApp channel advising me on how to make my account more secure and today, with our phones being so personal and let’s face it, insecure, a belt and braces approach is called for.
In summary, don’t ever hand over security codes, do block unknown messages that appear suspicious, and don’t even contemplate sending money online if your gut tells you otherwise.
—
The weakest link in security is a always the human.
2fa is great and I think it should be often a default. However it’s also not a magic bullet. I’ve read about people fall for scams e.g. someone pretending to be apple, asking them to disable 2fa or give them the code so they can fix issues with their account.