Dubai: Fraudsters are gaining access to the WhatsApp accounts of some residents after conning them with fake messages about winning raffles from LuLu Hypermarket, a Gulf News investigation has revealed.
While WhatsApp messages cannot be hacked because they are encrypted, the investigation found that gullible victims are tricked into giving away the verification code to gain access to their WhatsApp accounts.
Gulf News launched the investigation after fake messages about people winning Dh200,000 in a lucky draw by the popular hypermarket chain surfaced on WhatsApp accounts of people.
In the scam’s modern avatar, fake messages about the prize are sent through as photos.
While the images would carry one or two phone numbers to contact for claiming the ‘prize,’ they are sent out from phone numbers different from the ones mentioned in the photos.
Gulf News tried reaching over a dozen contact numbers given in the picture messages recently sent out to some residents including this reporter. They turned out to be either temporarily out of service or not working, apparently in an attempt to evade being caught.
However, some numbers, from which fake messages were sent, were answered by residents who were conned by the scammers.
While some had realised that their WhatsApp accounts had been accessed by the fraudsters, some did not even know why people were contacting them with weird questions about raffle prizes.
Victims said they initially believed the messages were from LuLu as the WhatsApp accounts had profile names written so and in some cases “WhatsApp had confirmed that the chat is with the business account for LuLu”.
Victims speak
Lisa (name changed on request), who works with a Dubai hotel, said she had contacted one of the numbers given in the WhatsApp message she received to check if it was genuine.
“Initially they asked for my name and bank account. I didn’t provide them those details. Then they said I would receive a code for verification.”
When she received the code, Lisa said, she thought it was to verify her prize.
“I didn’t realise it was a WhatsApp code to change number.
“I got the code and I gave it to them. They accessed my WhatsApp using it.”
It was too late for Lisa to understand that her WhatsApp got hacked. She was not able to reactivate it.
She said she called the head office of LuLu Group and the staff there clarified that there was no such raffle and she had been scammed.
Lisa said she kept trying to reactivate her WhatsApp account, but in vain.
“Then I emailed a feedback to them explaining the issue. Then they sent me a verification code again. So I managed to reactivate my account. But it took 24 hours.”
However, the danger didn’t stop there for Lisa. She has been getting calls from strangers asking about the raffle prizes.
“Now I am well known,” she said, laughing. “I still get messages from random people. I just report those numbers and block them.”
An Indian woman in Abu Dhabi said she was forced to discard her phone number after her WhatsApp was hacked by the scammers in a similar manner.
In some cases, fraudsters are using phone numbers of gullible residents which are not linked to their WhatsApp accounts.
Shakeel Ahmed, a Pakistani driver, said he had been wondering why many people had started calling him on one of his two phones which he used only for making calls.
“For three years I have been using that number. I use it only for making calls. My WhatsApp account is linked to my Pakistan mobile number,” said Ahmed.
He said he started getting many calls recently from strangers about the raffle. “I don’t know what to do. I think I should throw this number.”
He said he doesn’t remember sharing the code to change WhatsApp number to anyone. “My friend had used my phone for some days. I don’t know if he did it by mistake.”
Safeguard your account
To safeguard WhatsApp accounts, experts said users should never share their WhatsApp verification code which is used when WhatsApp is activated for the first time or when users change their SIM card or phone. Additionally, users should set up the ‘two-step verification’ by changing the WhatsApp account settings.
Users can enable this by entering a six-digit PIN which they will be asked for when their phone number gets registered with WhatsApp. An email ID can be added to the account which will be used to reset the PIN if the user forgets it.
How WhatsApp is hacked
1. Fraudsters send an image of the fake raffle prize from Lulu on WhatsApp.
2. The gullible residents believe it is from Lulu.
3. In some cases the WhatsApp profile name is written as Lulu or Lulu Hypermarket.
4. In some cases WhatsApp itself shows a message that it has confirmed that the chat is with the business account for Lulu.
5. Once convinced, residents agree to share their details.
6. Some share bank account and credit card details using which fraudsters swindle their money.
7. Some others, mostly who do not share such details, are conned into believing that they will receive a code to verify that they have won the prize.
8. They are then sent the code which the fraudsters ask them to share with them.
9. This code is actually a WhatsApp code to change the WhatsApp account number of a mobile phone into the number of the victim.
10. Once this code is shared, fraudsters get access to the victim’s WhatsApp account and use it for conning others by sending the fake message from it.
What to do if your WhatsApp account is hacked
■ Attempt to remove and reinstall WhatsApp in different times of the day everyday.
■ Send an email to the technical support of WhatsApp at support@whatsapp.com, and mention the following text: “Lost/Stolen: Please deactivate my account”.
■ Inform relatives and friends about the hacking and urge them not to respond to any messages coming from your number of WhatsApp.
■ Provide your phone number in the following format +9715xxxxxxxx.
