A recent security report highlights a growing trend of hackers taking control of WhatsApp accounts without using complex coding or password-cracking tools. Instead, these attackers rely on social engineering, which involves tricking people into giving up access voluntarily. One common method involves the hacker pretending to be a friend or a support representative who claims to have sent a code to the user by mistake. If the user shares this code, the hacker can immediately register the account on their own device and lock the original owner out.
Another clever technique involves the use of a phone’s voicemail system. When a user is prompted to verify their WhatsApp account, they can choose to receive a phone call instead of a text message. If the user does not answer the call, the verification code is often left as a recording in their voicemail. Many voicemail systems use weak default passwords that are easy for hackers to guess or bypass. Once the hacker listens to the recorded code, they gain full access to the account, bypassing the need for any traditional authentication from the user’s side.
What happens when a WhatsApp account is hacked?
When a hacker successfully hijacks a WhatsApp account, the primary goal is often to target the victim’s contacts. The attacker can send messages to friends and family members asking for money or sharing malicious links, appearing as a trusted person. Because the messages come from a real account, people are much more likely to fall for the scam. This creates a chain reaction where one stolen account can lead to dozens of others being targeted within the same social circle.
Recovering a hijacked account can be a slow process. Users must re-register their phone number on WhatsApp, which often triggers a waiting period if the hacker has already enabled two-step verification on their end. During this time, the hacker maintains control over the messages and groups. Security researchers emphasize that being aware of these methods is the first step in staying safe. Avoiding the sharing of verification codes and ensuring that voicemail accounts have strong, unique passwords can prevent these specific types of attacks from succeeding.
Release and pricing information
While the app remains free to use for personal messaging, some specialized security hardware, such as physical security keys, can be purchased from third-party retailers for extra protection. These devices typically range in price from $25 to $70 depending on the brand and connection type. For most users, enabling the free two-step verification feature within the WhatsApp settings menu is considered sufficient to block most social engineering attempts. This requires a person to enter a custom six-digit PIN whenever they register their phone number with the app again.
