WhatsApp Hacking: How It Happens and Ways to Stay Safe
In this edition of our online safety series, we explore WhatsApp hacking—how cybercriminals gain access, why they do it, warning signs to look out for, and most importantly, how to protect your account.
A Shocking WhatsApp Hack Experience
Shantanu Gupta, a well-known author and political analyst, was traveling by train last week when he experienced an unusual event—someone attempted to hijack his WhatsApp account.
“Around 10 AM, my WhatsApp started logging in and out on its own—something I had never seen before. Then, suddenly, I was logged out completely. It looked like someone was trying to use my account from another device. After several failed login attempts, WhatsApp blocked further attempts for four hours. In that time, the hacker took control of my account,” Gupta explained.
He was shocked at how easily his account was taken over. “All they needed was my phone number and access to the voice OTP. Once they got that, they could set up WhatsApp on another device,” he said.
What concerned him even more was how effortlessly the hacker managed to forward his call to their number. This allowed them to hear the voice OTP that WhatsApp sent for verification. “It’s worrying that my mobile service provider didn’t ask for confirmation or send me a warning before allowing such an important call to be redirected,” he added.
A WhatsApp Scam in Action
Gupta was traveling with his wife when hackers gained control of his WhatsApp account. They immediately started messaging his contacts—including friends, family, and even his wife—asking for money. Within minutes, his phone was flooded with calls and messages from concerned people. Realizing what had happened, he quickly turned to other social media platforms to warn everyone that his account had been hacked.
Though he managed to regain access within a few hours with assistance from the Noida police, the damage was already done. He went through hours of stress, and his credibility was at stake.
Gupta was extremely frustrated with both Meta and his mobile network provider, Airtel. In just a few hours, hackers had sent out hundreds of messages requesting money, yet Meta failed to detect the unusual activity. He was even more frustrated by the lack of direct support from Meta. “If there’s a suspicious transaction in my bank account, I can immediately call my bank for help. But with Meta, where do I go? There’s no helpline, no customer support. I had no choice but to wait for four hours and hope to regain access,” he said.
He was also disappointed with WhatsApp. “Why doesn’t WhatsApp have a system in place to flag repeated use of words like ‘UPI’ and ‘money’ in a short period?” he questioned.
Gupta was equally upset with Airtel for allowing call forwarding without verification. “If my mobile provider can block spam calls, why can’t they stop unauthorized call forwarding for voice OTPs?” he asked.
Now, Gupta strongly advises everyone to enable two-factor authentication on WhatsApp. For iPhone users, he recommends turning on ‘lockdown mode’ in security settings to prevent unauthorized device linking.
A Strange Case of Repeated WhatsApp Hacking
Manish (name changed) has been dealing with a strange issue for the past week. Every night, someone seems to take control of his WhatsApp account. By morning, he requests a review from WhatsApp and regains access, but the cycle repeats.
While he is asleep, unusual activities take place—multiple WhatsApp groups are created using his number. The strange part? He doesn’t recognize any of the members, and none of their numbers are saved in his contacts. His mornings now start with deleting these unknown groups.
Even after enabling two-factor authentication, the issue hasn’t been resolved. Frustrated and out of options, Manish has finally decided to report the matter to the police.
How Hackers Gain Access to WhatsApp Accounts
🔹 OTP Phishing Scams
One of the most common methods hackers use is tricking users into sharing their six-digit verification code. Scammers often pose as WhatsApp support, friends, or even delivery agents to convince users to provide the code. Once they get access, they can take over the account immediately.
🔹 SIM Swapping Attacks
In this method, hackers trick mobile network providers into issuing a new SIM card for your phone number. Once they activate the new SIM, your number stops working on your device, and they can use it to log in to your WhatsApp. This allows them to access your chats and contacts.
🔹 WhatsApp Web Exploitation
If an attacker gains temporary access to your phone, they can scan the QR code to link your WhatsApp to their computer. Once linked, they can continue using your account without needing your phone. Many users fail to check their linked devices, making this a dangerous exploit.
🔹 Call Forwarding Scam
Hackers use clever tricks to gain control of your WhatsApp by redirecting your phone calls. They may call pretending to be a customer service agent and ask you to dial a specific number to activate a ‘service.’ However, this forwards your calls to the hacker’s phone. When WhatsApp calls you with an OTP for verification, the hacker intercepts it and hijacks your account.
🔹 Malware & Spyware Attacks
Cybercriminals often use malicious software disguised as legitimate apps or links. Once installed, these programs can steal your WhatsApp data, access your contacts, and even send messages on your behalf. Clicking on unknown links or downloading apps from unverified sources can put your device at risk.
Signs Your WhatsApp Account Might Be Hacked
🚨 Unexpected Logouts—If you get logged out of WhatsApp and receive a message saying your account is being used on another device, this is a red flag.
🚨 Messages Sent Without Your Knowledge—If your contacts receive messages from you that you didn’t send, a hacker may be controlling your account.
🚨 New Linked Devices in WhatsApp Web— If you see an unfamiliar device connected to your WhatsApp Web, someone might have accessed your account.
🚨 Unusual Account Activity—If you notice strange behavior, such as missing messages or changes in your profile details, take immediate action.
How to Secure Your WhatsApp Account
✔ Enable Two-Step Verification
Go to WhatsApp settings and activate two-step verification. This requires a PIN along with the OTP, making it harder for hackers to access your account.
✔ Never Share Your OTP
WhatsApp will never ask for your verification code. If someone requests it, they are likely a scammer.
✔ Check Active Sessions
Regularly review your linked devices in WhatsApp Web and log out of unknown connections.
✔ Avoid Unknown Links & Downloads
Do not click on suspicious links or download files from unverified sources, as they may contain malware.
✔ Secure Your SIM Card
Contact your mobile provider to enable SIM security features, such as PIN protection, to prevent unauthorized SIM swaps.
✔ Be Cautious with Calls & Messages
Never merge calls with unknown numbers, and avoid requests to dial strange codes.
✔ Report & Recover Your Account
If you believe your account has been hacked, immediately contact WhatsApp support and reset your account using your phone number.
By staying informed and following these security measures, you can protect your WhatsApp account from hackers and cyber threats.
Stay Alert and Protect Your WhatsApp Account
A Meta spokesperson addressed the issue in an email, stating, “WhatsApp is constantly improving its security features to help users stay safe from online scams. We strongly advise users never to share their six-digit PIN with anyone, including close friends or family. Enabling two-step verification adds an extra layer of protection. Features like ‘silence unknown callers’ can help block spam and scam calls. Additionally, we have launched awareness campaigns like ‘Scams Se Bacho’ to educate users and are working with the Safer Internet India coalition to tackle cyber fraud.”
Signs That Your WhatsApp May Be Hacked
Cybercrime expert Shiv Raj, Additional Superintendent (ASP) of Banda district and a PPS officer of the Uttar Pradesh Police has warned users to watch out for these warning signs:
📌 Getting a WhatsApp verification code when you didn’t ask for it
📌 A friend or someone you know requesting your OTP
📌 Being logged out of WhatsApp unexpectedly
📌 A notification stating that your WhatsApp number has been registered on another device
He strongly advises users to avoid clicking on suspicious links or sharing OTPs. “Be careful online. Don’t trust strangers without proof. Think before you share or click. Always follow a zero-trust policy and never share your device or personal information with anyone,” he added.
Ways to Keep Your WhatsApp Secure
📌 Avoid merging calls with unknown numbers
📌 Verify caller identities before sharing any details
📌 Do not share personal information on WhatsApp, even in private chats
📌 Stay cautious and avoid clicking on suspicious links
📌 Never disclose OTPs received on your phone
📌 Activate two-step verification for added security
📌 Set up a SIM PIN to prevent unauthorized number transfers
📌 Check WhatsApp Web regularly for unknown linked devices
📌 Enable biometric lock (Face ID or fingerprint) for extra protection
📌 Adjust privacy settings to hide your profile picture and last seen from strangers
📌 If you receive an unexpected OTP, call 1930 (National Cybercrime Helpline) immediately
The Safe Side: Stay Alert in the Digital Age
As technology advances, cybercriminals are finding new ways to exploit users. Scammers use sophisticated tricks to gain access to personal data. The Safe Side is a dedicated series aimed at exposing the latest online fraud tactics and offering practical security tips. Stay informed, stay safe, and stay one step ahead of cyber threats!
