The Telecommunications Authority of the UAE has issued an advisory on Twitter for WhatsApp users and warned that they should not reply to code verification messages unless it is triggered by the subscriber. Many WhatsApp accounts have been hacked through this method.
Nicolai Solling, Chief Technology Officer at security solutions provider Help AG Middle East, told TechRadar Middle East, that this is a widespread phenomenon and it is known as “social engineering”.
“Scammers have hacked many accounts globally and their main intention is to gain control over WhatsApp accounts. What the scammer does is that he or she sends you a code on WhatsApp and tells the user to reply by clicking a link to verify the phone number,” he said.
Normally, when you install WhatsApp on a device, WhatsApp sends a verification code to check if you are the owner of the phone number and it is done automatically. However, in this case, the scammer is sending you a WhatsApp code and a link.
“If you click the link, you are confirming that it is you on behalf of the scammer. By that way, the user can lose control of the WhatsApp messages and the scammer can read and send messages on your behalf.”
If a user hasn't requested for a WhatsApp code, they should not click on any conformation links on WhatsApp.