Hackers Can Hijack Your Chats

Users of the popular messaging app WhatsApp are being targeted by a new, highly deceptive scam that grants attackers full access to victims’ contacts, chat history, and media files.

Cybercriminals are exploiting the app’s device linking feature to hijack accounts, then using the compromised profiles to spread further malicious links to unsuspecting friends and family.

How the Scam Works

The attack begins with a seemingly innocent message from a friend’s number saying, “Hi, I accidentally found your photo!” accompanied by a shortened link.

The URL typically leads to a counterfeit Facebook login page, cleverly designed to mimic the real site’s look and feel.

When the victim enters their Facebook credentials, the attacker captures them and uses them to trigger WhatsApp’s device linking process.

Once the attacker initiates device linking, WhatsApp sends a QR code or six-digit code to the victim’s registered device.

Because the attacker already controls the victim’s Facebook session, they can intercept or manipulate the verification process, linking the victim’s WhatsApp account to the attacker’s device. The result is full remote access to all of the victim’s chats, shared media, contacts list, and group memberships.

After successfully controlling a WhatsApp account, attackers can impersonate the victim and message everyone in their contact list.

This allows them to distribute more malicious links, potentially harvesting credentials from multiple victims in rapid succession. Additionally, attackers can:

  • View and exfiltrate sensitive conversations and media files.
  • Join private groups and access confidential discussions.
  • Spread phishing links or malware downloads under the guise of a trusted contact.
  • Blackmail victims by threatening to release private media or conversations.

Many users remain unaware that device linking can be hijacked through social engineering and credential theft.

WhatsApp’s device linking feature was originally intended to allow a user to link the same account across multiple devices – such as a phone and a desktop client – but criminals have now turned it into a powerful tool for large-scale account takeovers.

Warning Signs and Prevention Tips

According to the report, users should remain vigilant when receiving unexpected messages containing links, even if they appear to come from friends or family.

The following best practices can help prevent falling victim to this scam:

  1. Verify Suspicious Messages
    Always confirm with the sender through another channel—such as a phone call or video chat—before clicking any links. If a friend truly found a photo of you, they will readily explain the context.
  2. Avoid Entering Credentials on Unverified Pages
    Check URLs carefully. Genuine Facebook login pages display “facebook.com” in the address bar. Look for HTTPS and the padlock symbol, but remember that even these can be spoofed.
  3. Use Two-Step Verification on WhatsApp
    Enable WhatsApp’s built-in two-step verification feature (found in Settings > Account > Two-step verification). This requires a PIN to link your account on any new device, adding an extra layer of security.
  4. Monitor Active Devices
    Regularly review linked devices in WhatsApp by going to Settings > Linked Devices. If you see an unfamiliar device or computer, immediately unlink it.
  5. Keep Software Up to Date
    Ensure both WhatsApp and your device’s operating system are running the latest versions. Updates often patch security vulnerabilities that attackers exploit.

What to Do If You’ve Been Hacked

If you suspect your account has been compromised:

  • Log out of all linked devices via the Linked Devices menu.
  • Re-enable two-step verification with a strong, unique PIN.
  • Inform your contacts not to click any suspicious links coming from your account.
  • Report the incident to WhatsApp’s support team.

This new WhatsApp scam underscores the evolving tactics of cybercriminals who leverage social engineering and trusted features like device linking to gain unauthorized access.

By maintaining cautious online habits—verifying unexpected messages, using two-step verification, and regularly auditing linked devices—users can protect their chats, media, and personal information from malicious actors.

Stay alert, stay informed, and don’t let scammers turn your WhatsApp into their gateway for widespread fraud.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.