ISLAMABAD: Pakistan’s National Cyber Emergency Response Team has issued a nationwide warning about the rising cases of WhatsApp account hijacking, highlighting the rapid spread of such threats.
Cybercriminals are increasingly relying on social deception to trick users rather than exploiting technical flaws. Hijacked accounts are often misused for identity theft, financial scams, spreading harmful content, and stealing information.
WhatsApp accounts, tied to phone numbers and SIM ownership, can be restored, but this same feature allows attackers to manipulate users into providing authentication codes or enabling call forwarding. This threat impacts regular users, professionals, and organizations that use WhatsApp for official communication, with businesses particularly vulnerable to fraud akin to email scams.
Common hijacking methods include:
- Authentication code fraud: Attackers pose as support staff or acquaintances to request verification codes.
- Call forwarding misuse: Users are tricked into forwarding calls via USSD codes.
- Fake links: Victims are directed to deceptive pages offering fake rewards or warnings.
- QR code fraud: Scanning malicious QR codes links accounts to attackers’ devices.
Users must be vigilant if accounts are suddenly deleted, unfamiliar devices appear under connected accounts, unrequested verification codes are received, or suspicious messages are sent from their accounts.
Hijacked accounts expose users to risks like financial loss, identity theft, privacy breaches, and reputational damage. Attackers may demand money or distribute malicious content through compromised accounts. Recovery is possible by reinstalling WhatsApp and re-registering with a verification code. Enabling two-step verification with a recovery email accelerates account restoration; without it, users may face a seven-day wait.
To prevent such threats, the team recommends:
- Activating two-step verification with a recovery email.
- Avoiding sharing personal data or passwords.
- Regularly checking connected devices and call forwarding settings.
- Steering clear of suspicious links and QR codes.
- Cross-verifying unusual requests from secondary sources.
Organizations should train employees, implement strict transaction verification systems, and prepare contingency plans for cyberthreats.
The National Cyber Emergency Response Team urges users to secure their accounts, remain cautious of unexpected messages, and educate less-informed individuals on this issue. Adopting basic security practices and timely actions remains critical in combating evolving cybercrimes.
