NEW DELHI, Jan 21: A police research tank under the union home ministry has released a warning and advise against several scams that occur on the widely used social media messaging app WhatsApp and result in money theft and cybercrimes. Seven distinct fraud kinds have been identified by the Bureau of Police Research and Development (BPRD). These include deceitful tactics such as fooling people through missed calls, video conversations, investment plans and employment offers purportedly, impersonation, hijacking, and screen sharing.The eight-page advisory-cum-alert described the scam as a “hijacking” attempt in which the con artists gain unauthorised access to the victim’s WhatsApp (WA) account and ask their acquaintances for money. Also, a few individuals reported seeing WhatsApp video calls from unidentified numbers. These were essentially naked video conversations used for sextortion, followed by threats against the user. According to the BPRD, “the hackers blackmail the user and demand money in exchange.” Under the Ministry of Home Affairs, the BPRD is a think tank focused on police-related issues (MHA).For its part, WhatsApp, which is owned by internet giant Meta, has recently started a number of public messaging campaigns to inform the public about the safety protections the network offers. According to the BPRD, hackers utilise “code scripted bots” to identify active users and then target them for various cyber threats. The hackers say they do this by intercepting missed calls from numbers that start with country codes, primarily those from Vietnam, Kenya, Ethiopia, and Malaysia. Chief financial officers, chief operating officers, chief technical officers, and high-ranking police and government officials are among the top management executives that the con artists target in their impersonation scam. They contact the victim by posing as the CEO or senior officer of their company.In order to persuade the victim to transfer the funds, the fraudsters obtain personal information about the employees they are posing as by browsing their social media handles. They then create similar profiles and request immediate payments to some links citing their attendance at a crucial meeting or an issue with their previous phone number, according to the BPRD. Additionally, images of several WA accounts where similar attempts were attempted were shared in the notice. A particular concern over WhatsApp’s recently announced “screen share” feature was conveyed in the letter. According to the BPRD, “many frauds were observed in the past where scammers got victims’ screen access fraudulently to commit illicit activities.”It was further stated that con artists pose as representatives of banks, financial institutions, governments, and other organisations. After persuading the victim to share their screen, a malicious app or piece of software is “surreptitiously” installed on the device, compromising the victim’s private data, including passwords, bank account information, and banking services. The message advised customers to enable “two factor authentication,” or 2FA, on their WA account as part of the dos and don’ts. It also advised against returning calls or taking calls from unknown or suspect sources, as well as reporting and banning those numbers.The WhatsApp messaging app’s authorities have already been notified of this data breach incident. Official communications are sent to the relevant authorities for the same reason, since a number of government agencies and ministry representatives are already working on it.“Unknown communications on WhatsApp should be avoided as a precaution without first confirming their legitimacy. However, no suitable remedy to these issues has yet been identified,” the statement stated.
