A new wave of fraud is targeting German-speaking WhatsApp users with fake SMS. The attackers use a technique called Sender ID Spoofingto impersonate an official messenger service. The perfidious scam: The phishing messages appear in the same message stream as real WhatsApp codes.
The SMS warns of alleged “illegal activity” on the account and threatens immediate blocking. A link should solve the problem. Experts strongly warn against clicking this. The fake sender ID “WhatsApp” makes the message deceptively real.
The trick is based on a vulnerability in the SMS protocol. The sender ID is just a simple text that criminals can forge using special gateways. If a victim clicks on the link, they end up on a deceptively real phishing website.
Advertisement
Fake SMS and sender ID spoofing like the ones in this article are one of the most common phishing methods – often all it takes is one click to give criminals access to your account. The free anti-phishing guide explains in 4 clear steps how to recognize phishing messages, check links, secure linked devices and carry out correct reporting steps. He also looks at AI-supported chatbots, shows typical conversation traps and provides reporting templates for the police and providers. Practical checklists will immediately help you protect your account. Download the anti-phishing package for free now
One takes over there AI-powered chatbot the communication. He poses as WhatsApp support and guides the victim through an alleged verification process. In the crucial step, he asks you to enter a six-digit code.
In reality, this is the code to link WhatsApp on a new device. If you enter it, the fraudsters will have full access to your account. You can read all chats and send messages on your behalf.
The consequences are serious
After a successful takeover, the victims are locked out. The criminals use the compromised account to spread the scam. You write to friends and family from your contact list.
Fraud attempts such as the well-known “Hello Mom, Hello Dad” scam often follow. Since the messages come from a trusted contact, the success rate is high. The victims cannot stop the abuse.
How to protect yourself from spoofing attacks
Security experts recommend these simple but effective measures:
- Be fundamentally skeptical: WhatsApp does not warn you about account suspensions via SMS with links. Such notifications usually come from the app itself.
- Do not click on any links: Ignore links in suspicious text messages – no matter how genuine the sender appears.
- Enable two-factor authentication (2FA): This PIN in WhatsApp settings protects your account in addition to the SMS code.
- Check linked devices: Check regularly in the settings under “Linked devices” whether unknown sessions are active. Remove these immediately.
- Report scams: Delete suspicious text messages, block the number and report it to the police.
