Researchers at Bitdefender have identified one of the largest online fraud campaigns of 2026, targeting over 1 million people in Romania, according to Wall-Street.
The attack uses SMS messages impersonating FAN Courier and directs victims to a fake website where they are tricked into providing WhatsApp verification codes, allowing attackers to hijack their accounts.
How the scam works
Read also: Decathlon to expand Bucharest network with new store in Plaza România
Victims receive a message about a supposed delivery and are asked to select a locker. The link leads to a fake website mimicking the courier’s interface.
Meanwhile, attackers attempt to re-register the victim’s WhatsApp account on another device. The verification code sent to the victim is then requested on the fake page. Once entered, attackers gain full account access.
The campaign relies on social engineering, not malware.
What happens next
Once in control, attackers contact the victim’s contacts, sending urgent money requests, often promising quick repayment.
Because messages come from trusted contacts, recipients are more likely to comply, generating financial gain for attackers.
Warning signs and protection
Bitdefender highlights key red flags: suspicious links, unknown numbers, and requests for WhatsApp verification codes.
Users are advised to avoid clicking on unexpected SMS links, verify courier services manually, and enable two-step verification.
Any financial request should be confirmed through direct communication.
Immediate steps if compromised
Users should re-register their number on WhatsApp and notify contacts immediately. If two-step verification has been activated by attackers, recovery may require additional security procedures.
Photo: freepik.com
UK
IT
ES
DE
FR
RO
PT
HU
