SINGAPORE: Scammers have come up with a new way to cheat people with a gold bar scheme using compromised WhatsApp accounts, Singapore police warned on June 2.
They added that the accounts had been hacked using a voicemail method.
In this new scam variant, the crooks pretend to be a friend of a victim by using a hacked WhatsApp account belonging to the friend and then communicating with the victim through the messaging service.
Posing as the friend, the scammers tempt the victim into buying gold bars they claim are being sold at 30% below the market rate.
The crooks explain that the gold bars are being sold cheaply because they were seized by the Immigration and Checkpoints Authority or Singapore Customs, and were being auctioned off.
A fake invoice supposedly issued by Singapore Customs is provided and the scammers instruct the victims to transfer payment for the gold bars to a list of bank accounts.
Sometimes, the victims are told to meet the scammers to collect the gold bars.
The victims realise they have been duped only when they do not receive the gold bars, or when they find out that their friend’s WhatsApp account had been hacked.
The police said a scammer can hack into a WhatsApp account by using a voicemail method.
The scammer tries to log into a victim’s WhatsApp account on his own device, and then deliberately fails the verification process by keying in the wrong six-digit verification codes repeatedly.
When the verification fails repeatedly, WhatsApp will prompt the victim to perform a voice verification.
It will do this by calling the victim’s phone number to provide the verification code in an audio message.
If the victim ignores the call or if his or her phone is not switched on, the audio message is directed to the victim’s voicemail account, if he or she has voicemail enabled.
The scammer will then seize this opportunity to access the victim’s voicemail account remotely by using the default PIN used by telecoms service providers.
This works only if the victim has enabled voicemail and has not changed the default PIN for the voicemail account.
After accessing the voicemail account, the scammer can get the six-digit verification code from the audio message in the voicemail and use that to take over the victim’s WhatsApp account.
Once in control of the account, the scammer can enable a two-step verification process to prevent the victim from regaining control of his WhatsApp account.
This new scam variant comes amid a rise in scams in Singapore.
A total of 15,756 scams were reported in 2020 – a 65.1% jump in cases from the 9,545 reported in 2019.
E-commerce scams, which rose by 19.1% last year, were the most commonly reported type of scam last year.
The police advised the public to be wary of unusual requests they get over WhatsApp, even if sent by people in their WhatsApp contacts list.
Always call friends who presumably sent the requests to verify their authenticity, but do not do so through WhatsApp, as their accounts might be under the control of scammers, said the police.
And if prices are too good to be true, they probably are, so buy only from authorised sellers or reputable sources, especially for high-value items.
To prevent their WhatsApp accounts from being hacked, the police said that people can enable two-step verification under “account” in their WhatsApp settings.
Members of the public should also contact their telecoms service providers to change their voicemail account’s default PIN or to deactivate the voicemail feature. – The Straits Times (Singapore)/Asia News Network