NEW DELHI: Most of us now use UPI-based payment to ease transferring money and payments. UPI payments have made our lives simpler and eliminated the need to carry exact change. WhatsApp, the popular instant messaging platform, now supports sending and receiving money, making it easier to send money to friends and family.
A UPI transaction through WhatsApp is straightforward. Scanning a QR code, typing the amount, and sending it is all that is required.
However, cybercriminals are now misusing these facilities by taking control of your WhatsApp account with this simple trick.
Several cases of financial fraud came to light where a WhatsApp account was hijacked by asking the user to dial using a specific code.
The most recent case is of a user who received a phone call from a conman who claimed that he was calling from Airtel. The caller told the victim that he had submitted a complaint about internet troubles.
The fraudster then instructed the victim to dial a number with prefix code – *401*and someone from the Airtel call centre would call her back in 1-2 days. The victim fell into the trap and contacted the number.
What happened next will leave you amazed. Within 10 minutes of making that call, the victim received a message on WhatsApp asking for a log-in PIN to set up WhatsApp linked to the mobile number on a new device. The victim was logged out of WhatsApp on both her phone and laptop within seconds.
The victim was shocked to learn that the conman had already texted over 40-50 WhatsApp connections and requested money posing as the victim. The hacker had requested immediate ‘financial assistance,’ instructing them to Paytm some money so that he could return it by late night the same day.
The victim’s friends immediately transferred the money to the fraudster, thinking it was the victim.
Explaining the modus-operandi, a senior police officer said, In India, WhatsApp account takeover and money scams are becoming more common.
In this scam, the attacker initially calls a person and claims to be from a bank or telecommunications company. They will not require you to reveal any OTP or pin, but will request that you dial *401* followed by a phone number.
Call forwarding to that number will be triggered once you dial *401* followed by the number. Once this is completed, they will register on WhatsApp as you and receive an OTP by phone call. And as soon as they gain access to your WhatsApp, they will enable a two-factor authentication pin.
They enable the two-factor pin so that even if you try to regain access to your WhatsApp account, you will be unable to do so since you do not know the pin thus they will still have access, and you will be unable to do anything.
They will message all of your contacts begging for money after gaining access to your WhatsApp.
Here’s how to defend yourself against WhatsApp money fraud:
– Turn on two-factor authentication in WhatsApp. Even if they receive the OTP, no one will be able to log in.
– It is not recommended that you dial ‘401’ followed by a 10-digit mobile number because this is the call forwarding code.
– Never click on untrusted links or make unknown phone calls.
Follow The420.in on