South Africans Targeted by WhatsApp Verification Code Scam

While digital advancements have streamlined communication, they have simultaneously opened the door to a spate of sophisticated scams, with WhatsApp verification codes now being weaponized by cybercriminals. In an alarming twist, fraudsters are using these codes to hijack accounts and extort money from victims’ contacts.

The latest string of incidents reveals a troubling pattern where individuals, irrespective of their professional stature or literacy levels, are being outwitted by scammers. A disturbing case recently discussed on CapeTalk highlights this emerging trend. A doctor, after falling prey to trickery that involved a fake request for a "Zoom verification code," lost access to his WhatsApp account. Utilizing the doctor's profile, the criminal solicited R5,000 from the doctor’s contacts. The vital mistake? The doctor had not activated WhatsApp's two-step verification feature, leaving his account vulnerable.

Digital strategist Naeem Mayet shared insights into the pervasiveness of these scams within community groups. The victim profile is diverse, including advocates, insurance brokers, and particularly the elderly. In one attempt to recover a compromised account, Mayet described the frustrating loop of trying to intercept a one-time password (OTP) which, unbeknownst to them, was conveniently displayed on the hacker's own device.

This ordeal points to a flaw in the account recovery system that benefits the fraudsters. The scam's disturbing efficacy is partly due to the victims unwittingly abiding by what seems to be a reasonable request—sharing a verification code that appears harmless but is anything but.

Compounding the issue, Mayet's attempt to rescue an elderly victim's account, by transforming the WhatsApp account into a WhatsApp Business one, hit a dead end when the app's response was a disheartening directive to "contact support." It was only after a SIM swap and a tactical delay did the victim manage to seize back control, narrowly averting a financial catastrophe. The described resilience on the part of the victims and their support networks is heartening, yet the threat remains undiminished.

Meta, WhatsApp's parent company, remained silent on specific cases and opted instead to direct City Press to its help section for standardized guidance. Perhaps predictably, when photos were shared as evidence of non-delivery of SMS OTPs, the tech giant maintained its silence.

Brandon Muller, a cybersecurity expert, reaffirmed that scammers continue to exploit the familiarity and trust associated with instant messaging apps to carry out phishing schemes. He recommends that to keep cybercriminals at bay, users should activate the two-step verification – a security measure which, ironically, is intended to fortify accounts against such infiltrations.

The consensus among experts is clear: Sharing sensitive information, like a verification code, could have sweeping implications that ripple through one's digital life, potentially locking individuals out of their online presence. The message is unambiguous—vigilance and proactive security measures are not just recommended but essential in this digital age.