iPhone users no longer immune as cyber fraudsters exploit new vulnerability

The Hyderabad police on Wednesday issued an alert for a device-neutral cyber fraud. This fraud targets even iPhone users who had remained unaffected by .apk frauds. The new scam exploits the call-forwarding features to hijack WhatsApp accounts and dupe contacts for money.

The caller, speaking with calm urgency, claims to be from a courier company. “Our delivery agent is waiting right outside your door. Please type this code to verify your parcel,” the voice insists. The victim, unsuspecting and perhaps in a hurry, obediently keys in the digits: *21number#, unaware they’ve just handed over control of their phone. Within minutes, the conmen gain control of the WhatsApp account.

Using the trick, fraudsters redirect the victim’s calls to their device. The fraudster installs WhatsApp on another device using the victim’s number, opting for a call-based verification instead of an SMS. Since the call now forwards to them, the process goes through seamlessly. Before the victim even realises what’s happening, the scammer activates two-factor authentication, locking the real owner out for good.

Moments later, the victim’s contacts begin receiving messages from their number: “I’m in an emergency. My number isn’t working, please transfer some money to this number/account.” When they try to call, the number is unreachable. Several end up sending money, convinced their friend is in trouble.