KUALA LUMPUR: Scammers in Malaysia are circulating malicious links disguised as wedding invitations to hijack WhatsApp accounts and deceive victims’ contacts into sending money, according to the Malaysian Chinese Association (MCA) Public Services and Complaints Department.
At a press conference on Nov 25, department head Datuk Seri Michael Chong said the issue came to light after he received a suspicious wedding invitation message from a number belonging to Strata Owners Association Malaysia president Theng Book.
Mr Theng, speaking at the event, said he lost access to his WhatsApp account after clicking a similar link that had been forwarded to him by a retired police officer.
“After clicking the link, all incoming WhatsApp calls were diverted to the scammers. They took control of my account and began messaging my contacts while pretending to be me,” he said.
He added that the scammers used his name to spread the fake wedding link further and to solicit money from people in his contact list.
“At least one of my contacts transferred about RM3,000, thinking they were helping me with a personal loan,” Theng said. He eventually regained control of his account after reformatting his phone, a process that took nearly 24 hours.
Datuk Seri Chong warned that scammers are becoming increasingly sophisticated and often target well-known individuals to access larger contact networks.
“People now need to call their friends and family to verify any unexpected links before opening them,” he said.
🔍 HackWarn.com Analysis
Why This Scam Works
1. Trust Exploitation
The message appears to come from a familiar contact, making victims more likely to click without suspecting danger.
2. Social Engineering Using Emotional Triggers
Wedding invitations are personal, urgent and emotional, making them highly effective clickbait.
3. Account Takeover via Malicious Link
Once the link is clicked, scammers can intercept verification codes and hijack the victim’s WhatsApp account.
4. Impersonation to Request Money
After gaining access, scammers quickly message the victim’s contacts, pretending to be them and ask for money under believable circumstances.
5. Targeting High-Profile or Well-Connected Individuals
People with larger contact lists community leaders, public figures, business owners, give scammers more victims to exploit.
🚨 Immediate Action Steps for the Public
1. Never Click on Unexpected or Strange Links
Especially links disguised as:
- Wedding invitations
- Event cards
- Parcel deliveries
- Prizes or promotions
Always confirm with the sender before opening.
2. Activate WhatsApp Two-Step Verification
Enable:
- 6-digit security PIN
- Email backup
Read here How to Activate WhatsApp Two-Step Verification
This prevents scammers from taking over your account even if they obtain your verification code.
3. Do Not Share OTP or Verification Codes
No legitimate platform or friend will ever ask for:
- WhatsApp 6-digit code
- SMS verification code
- Login PIN
If someone asks, it’s a scam.
4. If Your WhatsApp Is Hijacked
Take action immediately:
- Try logging back in repeatedly
- Do not reinstall until you receive a reset opportunity
- Inform your contacts via SMS/phone call
- Report the scam to WhatsApp support
- File a police report if money is involved
5. Educate Friends, Family & Elderly Relatives
Older adults and non-technical users are top targets.
Teach them to:
- verify any unexpected link
- avoid forwarding unknown messages
- call the sender before clicking
6. Be Cautious With “Forwarded Many Times” Messages
Most scam links spread through forward chains. Delete them immediately.
