WhatsApp has been a hunting ground for online scammers for a long time now. We had earlier reported a WhatsApp OTP scam that is capable of leaving a user locked out of his/her account. A new report says the practice continues, in a new form altogether.
The scam described here does not take advantage of any security vulnerability in the Facebook-owned chat app. Instead, it plays on the gullibility of the victims, who share their OTP with others online.
The scam essentially aims to obtain the login OTP for WhatsApp, which the app sends to the number registered for the account. Once the scammers have the OTP, they use it to log in to the victim's account on their own device, leaving the original user locked out of the account on his/her own smartphone.
Earlier, this practice was being carried out under the cover of an ‘emergency situation’. The scammers would send an emergency message to a WhatsApp user, at times through a friend’s account that has already been compromised. The message would ask for an OTP that the victim would receive, under the pretext that the OTP was wrongfully sent to their number.
In reality, the OTP would be the one needed to log in to the victim's own account. Once the OTP is shared, the original user would lose access to their account. The scammers would then spread the scam to the contact list of the compromised account. The compromised account can also be used to spread malware to the contacts through malicious files.
A new method now being used for the same scam has been mentioned in a report by News18. The report highlights a similar OTP scam that is being carried out using open URLs. As per the report, the URLs show a prompt suggesting that an OTP (one-time password) has been sent to a user.
The scammers use this trick to gain the confidence of the victim. Such malicious URLs are easily available on the internet, the report points out. They can even be used to show any six-digit OTP that the scammers wish to show on the screen of the victim's device.
Once the scammers gain the confidence of the victim, they ask for the second OTP, the original ‘Login’ one this time. If and when shared, the OTP gives them access to the victim’s WhatsApp account.
Users need to beware of such scams and, as a general rule, never share an OTP on the Internet, to keep cyber-fraud at bay.