A sharp rise in WhatsApp account hacking has alarmed digital security authorities in Sri Lanka, with the Sri Lanka Computer Emergency Readiness Team (SLCERT) reporting 64 complaint cases so far this year. Officials believe the actual number is far higher, as many incidents go unreported.
The CERT also urged victims to contact them during the cooling period to regain ownership of their compromised accounts, CERT Senior Engineer Charuka Damunupola said.
Speaking to the Daily Mirror, he explained that most accounts were compromised after victims clicked on malicious Zoom meeting links. Hackers would analyze the victim’s WhatsApp group content and, depending on the person’s profession, craft messages to contacts requesting money.
According to Damunupola, the attackers trick victims into sharing a Zoom meeting code that reveals a fake WhatsApp meeting code, followed by a request for a verification code. This code is actually the One-Time Password (OTP) for the victim’s account, allowing hackers to take full control.
“Most fraudulent messages request Rs. 50,000 or Rs. 100,000, claiming the sender is in trouble,” he said. “Never share your OTP with anyone, and if you receive such a request, call the person directly preferably on a regular phone line, not via WhatsApp to confirm.” he said.
CERT also urged victims who transferred money to file a complaint with the nearest police station. Damunupola advised those who lost access to their accounts to try recovering the OTP using their registered number or to wait for the WhatsApp cooling period after installing a fresh copy of the app, during which CERT can assist in restoring account access.
He added that most bank account details provided by scammers do not belong to them but are linked to deceased individuals.
“Do not share your OTP with any third party under any circumstances,” Damunupola further said.
*Except for the headline, this story has not been edited by Pulseline staff.
Leave a comment