The Hong Kong data privacy watchdog has warned citizens about rising reports of scammers hijacking WhatsApp accounts, with 900 people affected in the last month. The Office of the Privacy Commissioner for Personal Data (PCPD) issued a statement earlier today with advice on how citizens can protect themselves.
Additionally, the statement contains information on the steps taken by the PCPD to help the victims. WhatsApp is one of the most popular messaging apps, with over 2.7 billion users globally — making it a lucrative target for cybercriminals.
As schemes continue to rise and become more sophisticated, more and more users have been seeking out ways to keep safe from WhatsApp scams.
Scammers Use Social Engineering to Trick Users
Privacy Commissioner Chung told RTHK that the scammers chose their targets — five social welfare organizations and schools — at random. Unfortunately, the incidents over the last month led to the leak of the names and mobile numbers of service users, students, students’ parents, and staff.
According to the PCPD, the scammers impersonate friends or relatives of victims to pry away WhatsApp verification codes. This type of scam is generally known as social engineering. It involves gaining the victim’s trust by impersonating an individual — anyone from close pals and family to a tech support agent — and stealing their sensitive data.
Commissioner Chung said the PCPD has reached out to the affected organizations and informed the victims.
Fong Baoqiao, honorary president of the Hong Kong Information Technology Chamber of Commerce, said the cybercriminals deploy fake versions of WhatsApp Web, the desktop version of the app, to steal access to victim accounts. Generally, a user is required to scan a QR code on their phone to use WhatsApp Web.
However, if they scan the QR code of a fake WhatsApp Web app, the cybercriminal gains access to their accounts.
Privacy Commissioner Urges WhatsApp Users to Enable 2FA
The Commissioner has advised anyone affected to change their passwords and enable two-factor authentication. Multi-factor authentication adds an additional level of security over passwords, so even if a cybercriminal has your password, they won’t be able to access your account without clearing the second layer of security.
WhatsApp also released a security feature in May called Chat Lock to seal confidential chats behind an additional password or biometric protection.
Additionally, it is important to learn the tell-tale signs of a likely scam or grift. If someone you know asks for sensitive information or for a fund transfer, it is always a good idea to verify their identity. Furthermore, users should always verify the authenticity of the WhatsApp Web software before logging in.
