WhatsApp Hijack

This scam relies on social engineering on the part of the scammer. They will have you dial a special code that begins will **67*, or **405*. This code will be followed by a 10 or 11 digit telephone number. Once you enter this code, this will set SMS forwarding. The actor will then use WhatsApp with your number. For verification, WhatsApp will send you a PIN via SMS. Since you have SMS forwarding on, the SMS will go to the scammer. Once the scammer gets your verification code, they can then send WhatsApp messages to the contacts that are using WhatsApp. This could be a couple (if you live in the US), or many (if you live out of the US). They can now send messages to your WhatsApp list, and pretend to be you. Since the message is coming from your “WhatsApp” device, it becomes a trusted sender. The message will be for nefarious means.

This scam is easy to avoid (as with most scams). Unless you called your carrier, or phone manufacturer, do not enter any codes beginning with *. The only reason you might want to start a phone number with * is if you are using SIP broker, and that will require you to use a SIP app, and not your phone dialer. Next, tell your friends that you would call if you are in need of their assistance, and you will not send SMS/WhatsApp messages. This will arise some suspicion when you suddenly send them a WhatsApp message asking for help or to click a link. If someone calls you claiming to be from the phone company, or your phone manufacturer telling you to dial a ** code, do NOT. The number they are calling from has been Spoofed, and it is likely not the phone company or manufacturer. If you have questions, hang up the call, and dial 611 (in the US), or look up your manufacturer’s telephone number, and call them directly.