A new dangerous scam scheme has been highlighted by Postal Police in an official note, where he explained that «There is an ongoing online scam that uses WhatsApp account hacking to deceive users and steal money». Central to this scam is the role of trust that scammers can exploit thanks to account theft perpetrated on a real WhatsApp account, transforming it into an extremely powerful and effective social engineering tool. The messages sent simulate plausible and personal urgencies, leveraging the fact that the sender appears as someone you know and trust. This lowers cognitive defenses and pushes contacted users to make hasty decisions. Let’s analyze in more detail how the stolen WhatsApp account scam works and how to defend yourself.
How the stolen WhatsApp account scam happens
According to what was reported by the Postal Police, cyber criminals aim first and foremost at theft of a WhatsApp account. This can be done by tricking the victim into sharing verification codes or other sensitive information. Once they have taken over the account, the scammers begin to write to the contacts saved in the address book, constructing messages that describe sudden emergenciessuch as economic difficulties or personal problems, e they ask for immediate help in the form of payment or bank transfer. The strength of the scam lies in the credibility of the conversation started by the criminals. Credibility attributable, first of all, to the message coming from a known number, with a real chat history and which, for this reason, is perceived as authentic by those who receive it.
This is precisely the main risk factor of this scam, based on the automatic nature with which we tend to trust those we recognize. From a scientific point of view, it is a bias, that is, a mental shortcut that simplifies decisions and that leads us to trust something or someone we know, but which, as you have probably already guessed, can lead to making mistakes, even very gross ones. Scammers know this fact well and exploit it, focusing on the speed and emotionality of the response of their potential victims. When you follow the scammers’ instructions and agree to provide the requested payment, the scam is effectively complete.
How to protect yourself from the stolen WhatsApp account scam
Now that the modus operandi of the malevolent actors is clear, let’s see what the Postal Police’s recommendations are thanks to which it is possible protect yourself from fraud. by contacting the person directly via a call or, in any case, with an alternative channel to WhatsApp. Law enforcement advice is as follows:
In the presence of requests for money received via chat, it is essential to maintain a prudent attitude and always verify the authenticity of the message, even when it seems to come from a known contact. It is important to pay attention to unexpected links and communications and to protect your accounts by avoiding the distribution of verification codes, login credentials or personal information, which could be used by scammers to perpetrate further fraud.
First, always verify the authenticity of the message by contacting the person by telephone who sent you the request for help and telling him what happened (so that he can also become aware of having been hacked on WhatsApp). Another key step is theenable two-step verificationa security measure that adds an additional layer of protection to your WhatsApp account. And, finally, Report scam messages possibly received by taking advantage of the specific functions made available by WhatsApp, so as to limit the spread of the scam.
