UPDATE: RCIPS Issues Renewed Warning On WhatsApp Take-Over Scam
UPDATE (20 September):
The RCIPS has recently received a significant increase in reports of persons falling victim to a WhatsApp Account Take-Over Scam which continues to circulate. In previous advisories members of the public were advised on the means by which the scam works. In the most recent reports, victims have received telephone calls from “local” (345) numbers. These numbers have been spoofed, which means that they originate from overseas, but have been programmed to appear as local numbers. Victims have also reported the caller speaking with an African accent.
The caller will then convince the victim to click on a link that is sent to them, this link will then grant access to the victims’ WhatsApp account. Victims may also be asked to confirm their 6 digit WhatsApp verification code.
The RCIPS is reminding the public to be wary of unsolicited links, and to never send their WhatsApp code to another person.
UPDATE (9 August):
The RCIPS and Cayman Islands Government Information Security Office remain aware of a WhatsApp Account Take-Over Scam which is currently circulating. Despite previous advisories, reports continue to be received of persons becoming victims of this scam.
If you fall victim to this scam, you will lose control of your WhatsApp account and the scammer will be able to send messages to any of your contacts, purporting to be you, until such time as the account can be recovered.
How the Account Takeover Scam Works:
1. The victim may be sent an SMS Text Message or WhatsApp Message or receive a Telephone call from an unknown mobile number or purporting to be somebody that is known to the victim.
2. There have been reports of scammers using AI technology to imitate a person’s spoken voice; this is often referred to as Deep-Fake Audio.
3. The message received by the victim, will be designed to be deliberately alarmist and require immediate action.
4. The message will be asking the user to provide their WhatsApp 6-digit verification code.
5. After providing the scammer with the 6-digit verification code, the victim would lose access to their WhatsApp account.
6. Thereafter, the scammer will have complete control of the victim’s WhatsApp account and will be able to pretend to be the victim and send messages to the victim’s contact for the purpose of deception and fraud.
Action Required:
1. Please remain vigilant to this Scam.
2. If you receive a message that appears to be suspicious, you should never:
a. respond to suspicious messages
b. open any attachments
c. click on any link contained within the message
d. generate and send your WhatsApp 6-digit code to any person
UPDATE (16 July):
The RCIPS continues to receive reports of a WhatsApp scam circulating in the Cayman Islands, where the culprits gain access to the victim’s contact list. The culprits then pose as the victim and send messages to their contacts, requesting urgent financial assistance.
Often, persons only become aware that they are affected when they are contacted by persons who have received such requests for assistance. If you are aware that you are affected by this scam, the RCIPS advises that you let all your contacts know that these messages are not coming from you, and that they should avoid sending any money.
The general public is advised that they should be very wary of requests for money made via WhatsApp, even if they seem to be coming from friends. It is best to make contact with the person who appears to be making the request, via some other method, such as a phone or video-call, or in-person, to verify the request.
Initial Release (11 July):
The RCIPS Cybercrime Unit have been made aware of a WhatsApp scam circulating in the Cayman Islands.
The victim will receive a call or a WhatsApp message inviting them to join a WhatsApp group. If they join the group by clicking the link they may have their contacts accessed by the scammers.
Messages are then sent to all the victim’s contacts stating that the victim is in desperate need of money and providing links to send money. The RCIPS are aware that in some cases money has been sent. The scammers have targeted existing groups associated with agencies in the Cayman Islands.
The RCIPS would like to remind the public not to click on any link they are sent until they are certain it is legitimate, and not to join any WhatsApp groups for which they are not expecting an invite.