Andorra Warns of WhatsApp and Signal Verification Code Scam
Scammers pose as contacts to trick users into sharing SMS PINs, granting account access.
Key Points
- Scam starts with 'Hola' from fake known contact, asks to forward SMS PIN.
- Sharing code gives scammers full access to chats, contacts, data.
- Legit apps never request codes via unofficial channels; report in-app.
- Enable 2FA, verify requests via other means; alert issued March 17, 2026.
Andorra's National Cybersecurity Agency (ANC-AD) has warned of a fresh scam targeting WhatsApp and Signal accounts, urging users not to share verification codes received via SMS.
The phishing attempt, which has primarily affected individuals with Spanish phone numbers, begins with a simple "Hola" message appearing to come from a known contact. Victims then receive follow-up requests from the same supposed acquaintance, asking them to forward a PIN code that arrived by text, claiming it was sent to them in error.
By sharing the code, users unwittingly hand over control of their messaging accounts to the scammers, who can then access chats, contacts and personal data.
The ANC-AD emphasised that legitimate services like WhatsApp and Signal never request verification codes through unofficial channels. Users should ignore such demands and report suspicious activity directly within the apps.
This latest ploy follows a pattern of social engineering tactics seen in previous campaigns, though authorities have not specified the exact scale or origin of the current wave. The agency advised enabling two-factor authentication where possible and verifying any unusual requests with contacts through alternative means.
No further details on affected numbers or arrests have been released as the alert was issued on 17 March 2026.
Original Sources
This article was aggregated from the following Catalan-language sources: