These days, there has been a sharp increase in WhatsApp accounts getting hacked, with scammers impersonating their victims and asking for emergency money transfers from their friends.
The fraud usually starts with hijacking a phone number by porting the number to a new network, and a new SIM card, which remains under the control of the hackers. If a WhatsApp users' account is not protected by two-factor verification, whoever receives the automated-SMS for the one-time-password (OTP) gains control of the WhatsApp account for the associated phone number.
Once the hackers have gained access to an account, they can impersonate victims on the messaging platform and ask friends, family members and acquaintances to send them money via digital wallets. If you've fallen prey to such a fraud, the fastest way to take back control of your WhatsApp account via your mobile number. Here's a list of the things you should do to prevent this from happening:
If you can't get your number back fast, email WhatsApp
WhatsApp gives users one last resort to deactivate their account via email. Send an email to firstname.lastname@example.org, with the following phrase in the subject and body of the mail: "Lost/Stolen: Please deactivate my account." Mention your contact details in the body of the mail, in the international number format.
After retrieving your number, log in to WhatsApp and log out WhatsApp Web
Once you sign in to WhatsApp, anyone else using your number is logged out automatically, so log in as soon as you start receiving SMS messages again. However, that may not be enough to stop a scammer from still impersonating you via WhatsApp Web so to avoid this, go to settings in WhatsApp, select "WhatsApp Web", and click on "Log out from all devices."
If asked for verification code you didn't set up, you'll have to wait a week
WhatsApp lets users create a six-digit PIN number to prevent account hijacking. If you don't activate that option, an attacker can do so while in control of your account, thereby locking you out.
The bad news is that there's nothing you can do except be patient. After a WhatsApp account has been inactive for seven days it becomes possible to log in without a verification code. Since the hacker loses control of the account before you're asked for that six-digit PIN number, and since neither of you can use the account, it will sit idle – and a week later you'll receive the SMS and your account back.
Let your WhatsApp groups know your account has been compromised and check for new members if you are an admin
A hacker who has assumed control of your WhatsApp account will obviously also have access to all of the groups you're part of as a member or admin. It's only polite to let people know that their conversations could have been spied on while your account was compromised, even if the discussion isn't secret or sensitive. If you're the admin on any group, check for new members added by "You" while your account was hijacked, or hackers could continue spying on the conversations.