The Cyber Security Authority (CSA) has said since April 2023, it has recorded at least 64 incidents of individuals falling victim to social engineering and unwittingly sharing their WhatsApp verification codes with malicious actors, leading to unauthorised access and account takeover.

It is, therefore, urging the public to be vigilant.

The CSA noted that the modus operandi is that after compromising an existing WhatsApp group, the malicious actors “begin to target members of the group that the initial victim is part of, they craft persuasive messages designed to lure their targets to disclose their verification code”.

Some of the methods used to do that include: “Notifying the victim through text messages about an ongoing upgrade on their group platforms and requesting the victim to share the code that will be sent to them; calling the victim to tell them that a security code has been sent to prevent their account from being hacked and requesting the victim to share the code that will be sent to them; Informing the victim that they have received a mobile money transfer, and that they are required to reveal the code sent by the perpetrator to access the funds; Sharing URLs in WhatsApp groups and instructing group members to click on them to update their information by providing the code that will be sent to them.”

It emphasised that: “Once the code is shared, the victim’s account is compromised, opening the door to unauthorised access and account takeover.”

The CSA indicated that: “The malicious actors may then go on to impersonate the victims and defraud their contacts resulting in reputational damage as well as monetary losses.”

It has, therefore, recommended that individual “never share verification codes, enable two step verification and verify unexpected requests.”