Though this is not a new scam, there has recently been a new spate of WhatsApp account thefts in the UK, Germany and other countries.
Police, and WhatsApp itself, are warning users not to send anyone the six-digit verification code that WhatsApp sends via text message when you set it up on a new phone.
Here’s how the scam works: a criminal takes control of a WhatsApp account belonging to one of your contacts. You then mysteriously receive a message saying something like “Your WhatsApp code is: 581-332… Don’t share this code with others”.
That’s because the criminal has used your phone number from the list of contacts in your friend’s account and is now trying to hijack yours.
You’ll then receive a message from the friend’s WhatsApp account (which the criminal has control of) saying “I’ve just sent a WhatsApp code to you by accident. Could you send it to me please? It’s urgent!”
Since the message is from someone you know and seems genuine – after all, you didn’t request a WhatsApp code and they seem to know about it – you’re fairly likely to forward that code, ignoring the “Don’t share this code with anyone” part of the message.
Once the criminal has this code, they can use it to set up your WhatsApp account on their phone, unless – that is – you’ve enabled two-step verification.
But, chances are, you haven’t because WhatsApp doesn’t prompt you to do so and not many people know that the security feature exists.
So, if you do send that six-digit code to your ‘friend’, you’ll almost immediately find you get logged out of your WhatsApp account because they’re now logged in.
How to recover a stolen WhatsApp account
If you do it straight away, there’s a good chance you can rectify your error quickly.
Just log back into WhatsApp by entering your phone number and you should receive a new six-digit code. Enter that and you’ll be back in control of the account.
However, if you delay, the criminal might enable two-factor authentication, which means you won’t know the PIN code to key in when logging back into your account (after entering the six-digit code sent to you via SMS).
WhatsApp’s website isn’t particularly helpful here, as it states you need to wait seven days if you don’t know the 2FA verification code. But the good news is that once you enter the six-digit code, the criminal will have been logged out of your account and will be unable to sign back in.
Even so, it’s well worth going into the WhatsApp Web / Desktop menu in the app on Android or iOS and logging out of all computers, just to be certain you know you’re the only one using your account.
The advice, as with other scams on WhatsApp and – indeed – on other social platforms, is to speak to the person the message appears to be from and check if it really is from them.
This is crucial whenever you receive a message from family or friends asking for money, or for your bank or card details. If it’s genuine, they’ll know about it and they’ll be able to confirm the message is genuine.
If not, you’ll know something’s up and you can avoid losing out.