Here is some useful information on what to do if you have had your Whatsapp account stolen. And how to prevent it. See the bottom of the article for instructions on how to enable two-step verification. You can also download a PDF copy of this guide here.
This scam relies on social engineering. After stealing one account, scammers use that accounts contacts to try and steal more by abusing the trust in your relationship. Two things will happen:
- You will receive a verification text from Whatsapp
- You will receive a Whatsapp message from the stolen account asking you to send them the PIN number from the text. In the below example, the person recognised the scam and asked for additional verification 👍🏼 If you can, contact the person by phone or text to ask them if they did in fact message you!
The first message is legitimate: it is from Whatsapp who thinks you are trying to register an a new device. But the scammers can only do that if you return the PIN to them via Whatsapp. That will allow them to register your number on their device.
You will be immediately locked out of your own Whatsapp account. And probably unable to reverify your own number as Whatsapp only allows re-verification every few minutes. At this point, it’s important to not keep trying to re-verify as Whatsapp will increase the limit. However, the scammers may do this themselves to purposefully prevent you from regaining access.
They will then start messaging your contacts to try and steal more accounts or attempt to scam them for money. It’s important to let your contacts know — although it’s impossible to know which contacts the scammers will target.Another important thing to know, is that the scammers will NOT be able to se eyour past messages. Those are stored encrypted on your device and is the reason you need to create your own backup if you want to restore your message history on a new device.
Unfortunately there is little you can do to if you are victim to this scam. Eventually the scammers will leave your account or you kick them out by re-verifying. At which point you will have your account back.
You can take steps to prevent this from happening, primarily by enabling “two-step verification”. By setting a verification PIN code, anyone trying to verify your number will need both the code from the verification text AND your two-step PIN number.
Also unfortunately, the scammers may enable two-step verification before leaving your account. If you try and re-verify and Whatsapp asks for your PIN, you can try using a simple PIN, like 123456. But if you can’t guess the PIN you will need to wait seven days for it to clear. And then you can register again.
- If you receive a Whatsapp from a friend asking for a PIN number, do not respond via Whatsapp. Rather contact the person directly using another channel (e.g. voice, text, or even email)
- If your account gets stolen, try and reverify as soon as possible, but it is likely you won’t be able to
- Scammers won’t have access to your message history
- Scammers may enable two-step verification before they leave your account, meaning it may not be accessible for 7 days
How to enable two-step verification
Step 1: Go to Settings
Step 2: Select to Account
Step 3: Select Two-Step Verification
Step 4: Click Enable
Step 5: Type in a six-digit PIN
Optional step: add an email to recover your PIN if you forget it
When you’re done, your screen should look like this