Don’t let cybercriminals hijack your WhatsApp account – watch out for this scam

As the heightened dependency on digital communications multiplies due to the pandemic, cybercriminals are exploiting this dependence as people spend more and more time on digital devices, particularly their mobile phones. Hackers are attempting to hijack WhatsApp accounts to defraud your friends, family and colleagues by sending fake messages requesting emergency money transfers or soliciting sensitive information from business-related WhatsApp groups.


Your WhatsApp account is linked to your phone number (your unique identifier) and the app can only be on one device at a time. If you need to change your phone or re-install the app, WhatsApp needs to verify that the new device is linked to your phone number. It does this by sending a verification SMS with a six-digit code. Once you enter this code, the new installation of WhatsApp is enabled, and this new device becomes the device that will receive and send all your WhatsApp messages.

Cybercriminals use social engineering tactics to obtain your verification code by pretending to be someone you trust.

Example – this could arrive from one of your contacts: “my SMS isn’t working, WhatsApp needs to send a code and can’t, so I’ve asked them to send it to you instead. Please forward it on.”

Important to note: if an attacker knows your phone number and can get your verification code, they can hijack your account and install your WhatsApp on their device, even though their device has a different phone number to your own.


1) Be vigilant and never share your verification code with anyone, not even friends or family. It could be a cybercriminal who may have already compromised their WhatsApp accounts and is now trying to compromise yours!

2) Be alert to messages claiming to come from “WhatsApp Technical Support” requesting this verification code.

3) MOST IMPORTANTLY – Set up Two-Step Verification on your WhatsApp account:

  • Open the app, go to Settings/Account/Two-Step Verification and click on Enable
  • Enter a six-digit code that you won’t forget (memorise this code as you will need it in the future)
  • Enter your email address as an extra failsafe
  • Finally, you’ll see confirmation of two step verification set up on your phone, so it will be far more difficult for someone to hijack your account or transfer your messages to another device

You’ll be asked to enter your PIN at random times when you open WhatsApp – small inconvenience but worth keeping your account safe.

If you suspect someone else is using your WhatsApp account, notify family and friends as this individual could impersonate you in chats and groups. Block your account by sending an email to WhatsApp  with the subject “Lost/Stolen: Please Deactivate My Account”.

If you are concerned that any business-related information may have been compromised, please report this to your Cluster Business Information Security Officer.