Copyright thehindu
WhatsApp, once merely a social media platform for communication, has evolved into an essential part of daily life — extending its reach from personal messaging to business coordination and even official communication such as service of summons. However, the increasing reliance on the app has also exposed users to new forms of cyber threats, police said. Despite its end-to-end encryption, WhatsApp is witnessing a surge in hacking-related scams that exploit user negligence. In Tamil Nadu alone, the Cyber Crime Wing has recorded over 3,000 such complaints in 2025. Additional Director General of Police, Cyber Crime Wing, Sandeep Mittal said, “Being an end-to-end encrypted message medium, any careless or negligible usage costs huge sums of money, reputational damage, emotional stress and even life as a penalty. Recently, we have seen an increase in WhatsApp hacking scams.” There is no uniform modus operandi in WhatsApp hacking scams. But all the common tactics involve a mix of technical tricks and convincing users their actions are harmless or even necessary. A common approach is an OTP/verification-code scam, where the scammers trick a target into revealing the 6-digit SMS or in-app code that WhatsApp sends during login. This is typically done by phone calls or chat messages pretending to be tech support, a bank, or even a friend asking - “I didn’t get the code — please forward it.” A new wave of targeted WhatsApp fraud uses fake RTO (Regional Transport Office) challan messages to trick vehicle owners into installing malicious software. The message looks alarmingly real which includes the victim’s vehicle number, a brief description of the alleged offence, and a clickable “pay challan” link. Because traffic fines are time-sensitive and many people treat RTO notices as official, recipients often act quickly without pausing to verify the source, an officer of the Cyber Crime Wing explained. As soon as the user taps the link, he/she is prompted to download an Android APK file. Once installed, the app requests intrusive permissions (access to SMS, contacts, notifications, or accessibility services). Those permissions allow the malware to read one-time passwords (OTPs), capture verification messages, capture personal contacts and messages. Also, the contacts are used for unauthorized transactions or to impersonate the victim to defraud their contacts. The scammers often abuse the trust of group chats and contact lists to propagate payment requests, fake invoices. “Tamil Nadu Cyber Crime Wing has received around 3,161 complaints in 2025 on the WhatsApp Hacking scam and this scam can be easily prevented when our common sense is applied. Certain measures can easily safeguard people from such scam,” said Mr. Mittal.
