Islamabad: An alarming surge has been recorded in incidents where citizens’ WhatsApp accounts are being hacked via phone calls to extort money from their contacts.
Fraudsters have now adopted sophisticated new tactics to trap unsuspecting users.
In several recent cases, scammers call citizens posing as representatives of well-known courier companies, claiming that a parcel has arrived for them.
To “verify” the delivery, they ask the citizen for a short code sent to their phone, falsely labeling it as a “parcel tracking ID.”
Unaware of the trap, citizens share this code, which is actually their WhatsApp One-Time Password (OTP).
Sharing this code instantly hands over complete control of the WhatsApp account to the hacker, locking the original user out.
Once they gain control, the scammers message the victim’s contact list, manufacturing fake emergencies to urgently demand financial help via digital wallets like JazzCash or EasyPaisa.
Millions of rupees have already been looted through this scheme in recent days.
Cyber scams have evolved into highly sophisticated operations, frequently utilizing social engineering tactics like fake courier calls, lottery wins, or urgent bank verifications to exploit human trust.
Driven by the rapid expansion of digital banking and mobile wallets, criminals manipulate victims into sharing One-Time Passwords (OTPs) or clicking malicious links, resulting in swift financial theft and identity hijacking. Because scammers routinely cycle through burner SIM cards and temporary accounts, post-incident tracking remains a major challenge for law enforcement.
Consequently, proactive prevention is the most effective shield against cyber fraud.
Citizens must strictly enforce a zero-trust policy regarding sensitive data: never share OTPs, passwords, or activation codes with anyone, regardless of who they claim to represent.
Furthermore, enabling Two-Step Verification on communication apps like WhatsApp, as well as on banking portals, adds a vital layer of defense, ensuring accounts remain secure even if an initial password or code is compromised.





