Warning to WhatsApp users after Mansfield man’s account hacked by cybercriminals

Nottinghamshire Police are urging reisidents to be vigilent, after a Mansfield man was targeted by cybercriminals who hacked his Whatsapp account.
Phil Bramley
By Phil Bramley
Published 20th Nov 2023, 07:47 BST
Updated 20th Nov 2023, 07:56 BST
Watch more of our videos on Shots! 
and live on Freeview channel 276
Visit Shots! now

The force has seen a spike in reports about a scam that sees a criminal gain control of a WhatsApp account belonging to someone who is part of a WhatsApp group – typically including members of a community or religious group.

The criminal will then contact that person, posing as a member of that group, often via a one-time WhatsApp audio call, with the intention of building trust in order to perpetrate the scam.

Hide Ad
Hide Ad

Often the scammers will change their profile picture and display name, so at first glance it would appear to be a member of the group.

Most Popular
WhatsApp users are being encouraged to be vigilant after scammers hacked into accounts and asked their victim’s friends and family for money.WhatsApp users are being encouraged to be vigilant after scammers hacked into accounts and asked their victim’s friends and family for money.
WhatsApp users are being encouraged to be vigilant after scammers hacked into accounts and asked their victim’s friends and family for money.

During the phone call, the scammer will say they are sending a six-digit code which will allow them to join an upcoming video call for the group’s members.

In reality, the code is a six digit 2-Step Verification (2SV) code for their own WhatsApp account, and if the code is shared, the criminal can log in to the account and lock the victim out.

The criminals will then repeat this tactic with other WhatsApp contacts in an effort to steal access to more accounts. Once they have access, they have been known to message friends and family in the victim’s contact list asking for them to urgently transfer them money.

Hide Ad
Hide Ad

Cyber Protect Officer Kirsty Jackson said the scam was happening nationwide but that Nottinghamshire Police had received a spike in reports in recent weeks.

She said: “In one of the examples, a woman received a phone call on WhatsApp. She didn’t recognise the number but the profile had a picture of two children so she thought it might be a parent who she knew. “She answered and the caller said he was from a prayer group that she belonged to. He then invited her to a virtual meeting and advised he would send her a link.

“He then told her a code would come through to her phone, and that she’d need to give him that code so that he could accept her into the meeting.

“She followed these instructions – but the code actually granted the man access to her own WhatsApp account. He then used it to lock her out and then send messages to her contacts, making up stories in an effort to get them to transfer over sums of money.

Hide Ad
Hide Ad

“Thankfully no-one did but following these reports, we are encouraging people to always be vigilant. Be wary of being contacted via WhatsApp, or any other messaging platform, and being asked to provide information - despite the fact that you may recognise the individual’s profile picture and/or name.

“Never share your account information with anyone and if you think it is spam, report the message and block the sender within WhatsApp. To make your account secure, we’d advise setting up two-step verification to give an extra layer of protection.”

Another person targeted in recent weeks was Mansfield resident Collins Nlembe. The 56-year-old, who works for the NHS, said his WhatsApp account was hacked by a cybercriminal who then sent messages to his friends asking for money.

He said: “I was contacted on a work WhatsApp group and told there was going to be a staff meeting. However it was a scam and as a result the scammer was able to message my contacts.

Hide Ad
Hide Ad

“He pretended to be me and told my contacts I needed money for treatment having had an accident. One person transferred £65 and another around £150.

“He asked another one of my friends for £300, which they nearly paid. Thankfully, they called me to check the person messaging them was me – and of course it wasn’t.”

Analysis by Action Fraud, the national reporting centre for fraud and cybercrime, indicates that victims targeted in this scam were often part of large local community or religious WhatsApp groups, such as church-goers or prayer groups.

Here they were preyed upon due to the very nature of the groups – often people asking for help and guidance and leaning on the community spirit of wanting to help others.

What can you do to avoid being a victim?

Hide Ad
Hide Ad

Never share your account’s 2-Step Verification (2SV) code (that’s the six digit code you receive via text message). These codes are like house keys as they grant access, but online to your accounts.

Set up two-step verification to give an extra layer of protection to your account: Tap Settings > Account >Two-step verification > Enable.

Review the account’s privacy settings to further to help avoid sharing any personal data to numbers outside of your contact list: Tap Settings > Privacy. You can also review additional settings for each chat group you have: Tap the profile of the chat group > review options available.

You can report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.

Hide Ad
Hide Ad

If you have been scammed, incidents should be reported to Action Fraud in the first instance on their website https://www.actionfraud.police.uk or you can call 0300 123 2040 for advice. You can also make a report to Nottinghamshire Police by calling 101 and quoting the Action Fraud reference number.

For more information on how to protect yourself online, please visit: www.eastmidlandscybersecure.co.uk.