The WhatsApp OTP hijack scam is a new and increasingly popular type of cyber fraud where a user is tricked into surrendering an OTP to a fraudster, enabling them to gain access. Hackers then exploit such accounts for fraudulent purposes, identity theft, or as a medium for condoning malware. Since this app is popular for communication, this type of scams should be recognized, and the likelihood should be avoided.

Highlights:

• Scammers trick users into sharing their OTP, gaining full access to accounts.
• Attackers often impersonate trusted contacts or WhatsApp support.
• Hacked accounts are used for fraud, identity theft, or spreading malware.
• Enabling two-step verification adds an extra layer of security.
• Never share your OTP with anyone, even if they seem legitimate.

Hackers and phishers employ social-engineering techniques to infiltrate the account and get the OTP from the user. Scammers may lure others by pretending to be from an operational WhatsApp team, that there is a need for the recipient’s account to be verified. Once they get the OTP, they then proceed to freeze the account away from the owner and have free access to it. In some cases the victim only realizes that they have been conned after the criminals have gone on to make substantial misuse of the information that was obtained from them.

Whenever a scammer gets in, they use it for a wide range of fraudulent activities or to launch a phishing scheme. A large number of people are likely to fall prey to it as they tend to respond to any notification, which sounds rather urgent. Some attackers also use the unauthorized accounts in duping friends or family members into making money transfers, thus making this attack very deadly and hard to detect.

For personal protection, users should always turn on two-step verification in the settings of whatsapp. In fact, never offer OTPs to anyone for whatever reason it may seem to be; it has to be resisted. Do not trust any request for entering your login or receiving codes for verification purposes. If you know that you have been attacked, it is advised to report this and to warn others to minimize the harm. The best way to protect oneself is to be informed about the kind of scams that are prevailing out there.