Hacked WhatsApp accounts used to lure gold scam victims

Scammers pose as friends of victims and tempt them into buying gold bars at an attractive rate

Scammers have come up with a new way to cheat people, with a gold scheme using compromised WhatsApp accounts, the police warned yesterday.

They said the accounts had been hacked using a voicemail method.

In this new scam variant, the crooks pretend to be a friend of a victim by using a hacked WhatsApp account belonging to the friend and then communicating with the victim through the messaging service.

Posing as the friend, the scammers tempt the victim into buying gold bars they claim are being sold at 30 per cent below the market rate.

The crooks explain that the gold bars are being sold cheaply because they were seized by the Immigration and Checkpoints Authority or Singapore Customs, and were being auctioned off.

A fake invoice supposedly from Singapore Customs is provided and the scammers tell victims to transfer payment for the gold bars to a list of bank accounts. Sometimes, the victims are told to meet the scammers to collect the gold bars.

The victims realise they have been duped only when they do not receive the gold bars, or when they find out that their friend's WhatsApp account had been hacked.

The police said a scammer can hack into a WhatsApp account by using a voicemail method.

The scammer tries to log into a victim's WhatsApp account on his own device, and then deliberately fails the verification process by keying in the wrong codes repeatedly.

When the verification fails repeatedly, WhatsApp will prompt the victim to perform a voice verification. It will call the victim's phone number to provide the verification code in an audio message.

If the victim ignores the call or if his phone is not switched on, the audio message is directed to the victim's voicemail account.

  • 15,756 Total number of scams reported in 2020 - a 65.1 per cent jump in cases from the 9,545 reported in 2019.

The scammer accesses the victim's voicemail account remotely by using the default PIN used by telecoms service providers.

This works only if the victim has enabled voicemail and has not changed the default PIN for the voicemail account. The scammer can then get the verification code from the audio message in the voicemail and use that to take over the victim's WhatsApp account.

A fake invoice supposedly from Singapore Customs is provided and the scammers tell victims to transfer payment to a list of bank accounts. PHOTO: SINGAPORE POLICE FORCE

Once in control, he can enable a two-step verification process to prevent the victim from regaining control of his WhatsApp account.

This new scam variant comes amid a rise in scams here. A total of 15,756 scams were reported in 2020 - a 65.1 per cent jump in cases from the 9,545 reported in 2019.

The police advised the public to be wary of unusual requests over WhatsApp and verify them - even if sent by people in their WhatsApp contacts list - by calling the contacts, and not using WhatsApp to do so.

They should buy only from authorised sellers or reputable sources.

To prevent their WhatsApp accounts from being hacked, the police said people can enable two-step verification under "account" in their WhatsApp settings.

They should contact their telecoms service providers to change their voicemail's default PIN or to deactivate the voicemail feature.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on June 03, 2021, with the headline Hacked WhatsApp accounts used to lure gold scam victims. Subscribe