MHA think tank alerts against ‘hijack’, sextortion, impersonation scams on WhatsApp

A police think tank that functions under the union home ministry has issued an advisory and alert against a variety of scams that take place on popular social media messaging platform WhatsApp leading to cyber crimes and financial frauds.

The Bureau of Police Research and Development (BPRD) has identified seven types of such frauds that includes tricking through missed calls, video calls, in the name of job offers and investment plans, impersonation, hijacking and screen share.

As part of the ‘hijacking’ scam, the eight page advisory-cum-alert said, the scammers take unauthorised access to the victim’s WhatsApp (WA) account and request money from their contacts.

”Some people also witnessed WhatsApp video calls from unknown numbers. These were basically sextortion-based nude video calls which were then used to threaten the user.” ”The hackers blackmail the user and ask for money in return,” the BPRD said in the communication accessed by PTI.

The BPRD is a think tank on policing subjects under the Ministry of Home Affairs (MHA).

WhatsApp, on its part, has launched a number of public message campaigns in the recent past to advertise to the public about the safety features brought in by the platform, owned by technology major Meta.

The BPRD said through missed calls made from numbers starting with country codes mostly belonging to Vietnam, Kenya, Ethiopia and Malaysia, the hackers use ‘code scripted bots’ to find active users and then target them for various cyber threats.

As part of the impersonation scam, the scammers contacts the victim pretending to be the CEO or senior officer of their organisation and target top management executives like CFO (chief financial officer), COO (chief operating officer), CTO (chief technical officer) and high-ranking police and government officers, it said.

The fraudsters get personal information of the personnel they are pretending to be by surfing their social media handles and create similar profiles and seek immediate payments to some links citing their occupancy at some important meeting or a problem in their old number in order to convince the victim to transfer the funds, the BPRD said.

It also published, in the alert, pictures of some WA accounts where such attempts were made.

The communication expressed a particular concern about a recently released feature of ‘screen share’ by WhatsApp.

”In the past, numerous frauds were witnessed where scammers get victims’ screen access fraudulently to commit illicit activities,” the BPRD said.

It added that scammers impersonate as officials from banks, financial institutions, government bodies etc., and once they convince the victim to share their screen, a malicious app or software is installed ”surreptitiously” and the victims sensitive information like bank details, passwords and banking services are compromised.

As part of the do’s and don’ts, the communication asked users to activate ‘two factor authentication or 2FA’ on their WA account while it suggested not replying and answering suspicious or unknown WA calls and reporting and blocking the numbers that approach the user.

”The officials associated with messaging app WhatsApp have already been informed for this data breaching act. As numerous government bodies and ministry officials are already working on it, official communications are sent to the concerned authorities for the same.” ”As a precautionary measure, unknown communications on WhatsApp without verifying their authenticity should be avoided. Still, any appropriate solution to such problems is not yet recognised,” it said.