A new WhatsApp scam has emerged, locking users out of their accounts and preventing access to vital messages, contacts, photos, and files. As of March 25, 2025, cybercriminals are employing a social engineering tactic that exploits victims’ trust, leading not just to personal losses but also targeting the friends and family of those who have been compromised.
The scam starts when a victim receives a WhatsApp message from a known contact, falsely claiming that a One-Time Password (OTP) was sent by mistake. The sender, impersonating a trusted individual, requests the recipient to forward the OTP, which is a critical step in enabling the scam.
The process unfolds as follows:
- The Initial Contact: A user receives a message from a trusted friend stating, “An OTP was sent by mistake—please forward it to me.”
- The Deception: Because the message appears legitimate, the victim unknowingly complies with the request, disclosing their OTP.
- The Account Takeover: With this OTP, the scammer gains complete access to the victim's WhatsApp account, effectively locking the real owner out.
What’s truly alarming is that the attacker not only compromises the victim’s account, but they can also exploit it to target others within that user’s contacts, continuing the cycle of deception.
This technique is a notable form of phishing, where social engineering is leveraged against unsuspecting users. Once access is secured, the hacker generates an OTP linked to the victim’s phone number and tricks them into sharing it, thus transferring control of the account. By the time victims realize they’ve been hacked and report the issues to Meta or the relevant authorities, it's often too late, as numerous accounts may have been compromised.
In parallel with this sinister pattern, other scams are circulating linked to the ongoing IPL 2025 season. Users have reported an influx of spam messages claiming to offer bets on IPL matches, exploiting the excitement surrounding the tournament. These scams are further characterized by messages from international numbers, often targeted at promising users high returns and instant withdrawals connected to gambling.
Amid this wave of scams, WhatsApp users are urged to recognize the signs and protect themselves. Here are some critical safety measures:
- Never share OTPs: Remember, OTPs are confidential codes intended solely for your use.
- Ignore unexpected requests for OTP: If you didn’t ask for an OTP, let it expire and do not send it anywhere.
- Verify with known contacts: If someone claims to be your friend asking for an OTP, reach out to them via different platforms to confirm the request.
- Enable Two-Step Verification: Adding an extra layer of security in your WhatsApp settings can help depending on unauthorized access.
- Report suspicious activity: Promptly alert WhatsApp support and notify your contacts if you suspect something is off.
Furthermore, with scammers promoting online gambling and betting platforms through forwarding messages, users are cautioned to steer clear of any links urging them to register on such platforms that promise unrealistic financial gain.
A message often circulated reads: “You’re a lucky NN7 user! High Returns + 24x7 Withdrawals Exclusive Offers! Register and Get Rs 388 balance Join now.” Such offers often redirect users to groups claiming to provide betting information but instead are ways to extract personal data and financial information.
So, as IPL 2025 unfolds, vigilance is critical. Users must refrain from clicking on dubious links and remain cautious about sharing personal details. Scammers thrive on urgency and familiarity, making it all the more important that users are aware of these tactics to safeguard their personal information from harm.
In conclusion, WhatsApp users need to stay alert against these social engineering scams that can have detrimental effects not only on individual users but also their networks. By adhering to recommended safety precautions and remaining skeptical of unsolicited requests, users can significantly decrease their risk of falling victim to such deceptive practices.
As the landscape of cyber threats evolves, the necessity for education around these scams cannot be overstated. Staying informed and cautious will be crucial in navigating the intricate web of social media communication securely.
