Scammers steal WhatsApp accounts to defraud friends and relatives in the address book: how to defend yourself

A dangerous new fraud scheme was highlighted by the Postal Police in an official note, which explained that «There is an ongoing online scam that uses WhatsApp account hacking to deceive users and steal money». Central to this scam is trust: by taking over a real WhatsApp account, scammers turn it into an extremely powerful and effective social engineering tool. The messages they send simulate plausible, personal emergencies, leveraging the fact that the sender appears to be someone you know and trust. This lowers cognitive defenses and pushes the users they contact into hasty decisions. Let’s analyze in more detail how the stolen WhatsApp account scam works and how to defend yourself.

How the stolen WhatsApp account scam happens

According to the Postal Police, cyber criminals aim first and foremost to steal a WhatsApp account. This can be done by tricking the victim into sharing verification codes or other sensitive information. Once they have taken over the account, the scammers begin writing to the contacts saved in the address book, constructing messages that describe sudden emergencies, such as economic difficulties or personal problems, and ask for immediate help in the form of a payment or bank transfer. The strength of the scam lies in the credibility of the conversation started by the criminals. That credibility comes, first of all, from the message arriving from a known number with a real chat history, which is why the recipient perceives it as authentic.

This is precisely the main risk factor of this scam: we tend to trust automatically those we recognize. From a scientific point of view, it is a bias, that is, a mental shortcut that simplifies decisions and leads us to trust something or someone we know, but which, as you have probably already guessed, can lead to mistakes, even very serious ones. Scammers know this well and exploit it, counting on the speed and emotionality of their potential victims' responses. When you follow the scammers’ instructions and agree to make the requested payment, the scam is effectively complete.

How to protect yourself from the stolen WhatsApp account scam

Now that the modus operandi of the malicious actors is clear, let’s look at the Postal Police’s recommendations, thanks to which it is possible to defend yourself from the scam by contacting the person directly via a call or, in any case, through a channel other than WhatsApp. The law enforcement advice is as follows:

In the presence of requests for money received via chat, it is essential to maintain a prudent attitude and always verify the authenticity of the message, even when it seems to come from a known contact. It is important to pay attention to unexpected links and communications and to protect your accounts by avoiding the distribution of verification codes, login credentials or personal information, which could be used by scammers to perpetrate further fraud.

First of all, always verify the authenticity of the message by telephoning the person who sent you the request for help and telling them what happened (so that they also become aware that their WhatsApp account has been hacked). Another key step is activating two-step verification, a security measure that adds an additional layer of protection to your WhatsApp account. Finally, report any fraudulent messages you receive using the specific functions WhatsApp makes available, so as to limit the spread of the scam.