Social Media Impersonation / Whatsapp Takeover Scam
Scammers will hack into a victim's social media accounts or messaging apps such as Whatsapp and use their identity to ask contacts to buy iTunes or other gift cards for them.
In other cases, scammers will reach out to the victim's contacts to ask for personal and bank details, and One-Time passwords (OTPs) of their online accounts (such as Lazada, Shopee, Qoo10) on the pretext of helping them sign up and/or claim prizes for fake lucky draws, contests purportedly conducted by popular e-commerce sites such as Lazada, Shopee or Qoo10. Once the scammers get hold of these information, they will then proceed to make unauthorised transactions on those accounts.
Social Media Impersonation Scam
In this variation, scammers would either impersonate the victim or hack into their social media account and ask their contacts for their personal details such as mobile number, bank account details, and One-Time Passwords (OTPs) on the pretext of helping them sign up and/or claim prizes for fake contests or promotions allegedly by popular e-commerce sites such Lazada, Shopee, Qoo10, etc.
Whatsapp Takeover Scam
Scammers will use a variety of ways to get victims to share their 6-digit OTP with them. Here are some of the common methods used:
A victim will receive a Whatsapp message from a friend or loved one whose account has been compromised. The scammer will use a variety of reasons to trick the victim into sharing their 6-digit Whatsapp verification code, personal or bank details with them. Reasons may range from the need for the information to help them sign up for fake contests or promotions to them sending the OTP to the victim by mistake. Once the victim shares the 6-digit Whatsapp OTP with the scammer, they will lose access to their Whatsapp account.
A victim receives a Whatsapp message from a person who claims to be a Whatsapp support staff. The person asks for the victim's 6-digit OTP for verification. After providing the pin, the victim loses access to their Whatsapp account. We wish to highlight that Whatsapp or their staff will never ask for a user's 6-digit OTP.
The scammer will deliberately fail the verification code process when attempting to install Whatsapp app using a victim's number on their phone. This then triggers the 6-digit OTP to be sent to the user's voicemail.
The scammer will then seize the opportunity to access the victim's voicemail account remotely by using the voicemail's default PIN provided by telecos to retrieve the victim's Whatsapp OTP. Once the scammer retrieve the OTP, he will proceed to takeover the victim's Whatapp account and enabling the 2-step verification to prevent the victim from regaining control over the account.
In all scenarios, scammers will proceed to reach out to more victims through the compromised accounts.