What to do if your WhatsApp is hacked: a step-by-step guide | Kaspersky official blog
Your messaging-app account might be of interest to more than just jealous spouses or nosy coworkers. Stolen WhatsApp accounts fuel large-scale criminal activity — ranging from spam distribution to complex scam schemes. That’s why cybercriminals are constantly on the lookout for WhatsApp accounts — using various methods to hijack them. Here are eight signs your account may already be compromised.
- You get replies to messages you never sent.
- Friends complain about strange messages coming from your account.
- You notice deleted messages in chats, including from yourself — even though you never sent or deleted anything there.
- You receive a WhatsApp login verification code that you didn’t request or expect.
- Your account has a status or has posted stories you didn’t create.
- Your profile picture, name, or account description has changed unexpectedly.
- You’ve been added to chats or groups you never joined.
- When you try to log in, WhatsApp informs you that your account is in use on another device and prompts you to re-register (this is the most telling sign).
Pay special attention to the first three signs, and act immediately if you notice them — hackers often use compromised accounts to scam a victim’s friends and family. They might impersonate you to request urgent financial help, promise gifts, or invite people to participate in fake polls. In any of these cases, your friends could get scammed — with your unwitting help.
Two ways hackers can hijack your WhatsApp account
Cybercriminals can take control of your WhatsApp account in one of two ways. They either add another device to your account using the “Linked devices” feature, or re-register your account on their device as if you’d bought a new phone.
In the first case, you continue using WhatsApp as usual, but the criminals also have access to it, including to your recent conversations.
In the second case, you lose access to your account, and when you try to log in, WhatsApp notifies you that your account is in use on another device. The attackers can control your account, but won’t have access to your past conversations.
What to do if your WhatsApp account has been hacked
- Make sure the SIM card linked to your WhatsApp account is inserted in your smartphone.
- Open WhatsApp on this smartphone.
- If it opens normally:
  - Go to the WhatsApp settings — Settings on iPhone, or the additional menu (three dots) on Android. Tap Linked devices.
  - Tap each device listed on this page.
  - Tap Log Out. This will disconnect all additional devices from your account and cut off the attackers.
- If the messenger tells you that you’re logged out and need to register:
  - Enter your phone number.
  - Request a one-time registration code.
  - Wait for an SMS or a voice call with the code.
  - Enter the received code.
  - If your account was protected with a two-step verification PIN, after entering the one-time registration code, enter your PIN as well.
  - WhatsApp may offer to restore your chats and settings from a backup in iCloud, Google Drive, or local storage. Accept!
  - If you hadn’t previously set a two-step verification PIN, but WhatsApp requests it after you enter the one-time code, the attackers may have set a PIN to prevent you from regaining access to your account.
    - The PIN can be reset using the Forgot PIN
    - If an email address is linked to your WhatsApp account, you’ll receive a PIN reset link instantly. Go to your email, open the latest message from WhatsApp, tap the link inside, and then Confirm. After this, you can return to WhatsApp and set a new PIN.
    - If you hadn’t linked an email address, you can still request a PIN reset, but you’ll have to wait a week before the PIN is removed. During this time, your WhatsApp account will remain inaccessible. After a week, you can log back in to your account following the instructions above.
Once you’ve completed these steps, the attackers will be disconnected from your account. However, they may attempt to hijack it again, so be sure to follow the security tips below.
Warn your friends and family
Attackers may have sent tragic or provocative messages to your contacts, impersonating you. To ensure no one panics thinking you’re in hospital, got arrested, or had an accident — and to prevent them from sending money to “help” — inform as many people as possible that your account was hacked and that they should ignore any strange or unexpected messages sent earlier. For close friends, family, and coworkers, it’s best to call them personally. A less intrusive way to warn many people at once is to update your WhatsApp status. Go to Settings, tap your name, and in the About field, write something like, “My WhatsApp was hacked! Don’t trust messages from me, don’t send money, no help is needed”. It’s also a good idea to post the same warning on other social networks.
If your account has been restricted or banned for spam
If hackers used your account to send spam, WhatsApp may temporarily restrict it for a few hours or days. After following the steps above and regaining control of your account, you may find you’re unable to send messages.
In this case, appeal the restriction using the Request a review button, found under the notification about the imposed restrictions. After tapping this button, the restriction won’t be lifted immediately — depending on WhatsApp’s internal algorithms, it can take anywhere from a couple of hours to three days. Unfortunately, there’s no way to speed up this process.
How to protect your account from being hacked again
We’ve provided a detailed guide on WhatsApp security and privacy settings in a separate article, but here are the key points:
- Enable two-step verification in WhatsApp and memorize your PIN — it’s not a one-time code. To do this, go to Settings → Account → Two-step verification.
- Never, ever share your PIN or one-time registration codes with anyone. Only scammers ask for these details.
- WhatsApp recently introduced support for passkeys. If you enable this option (Settings → Account → Passkeys), logging in to your account will require biometric authentication, and instead of PIN codes, your smartphone will store a long cryptographic key. This is a very secure option, but it may not be convenient if you frequently change devices and switch between Android and iOS.
- Set up a backup email address for account recovery: Settings → Account → Email address.
- If you’ve already added an email address, log in to your email account and change your password to a strong, unique one. To store it securely, use a password manager, such as Kaspersky Password Manager.
- Enable two-factor authentication for your email account.
- Make sure you haven’t fallen victim to a SIM swap scam. Contact your mobile carrier — preferably in person — and verify that no duplicate SIM cards have recently been issued for your number. Also, make sure there’s no unauthorized call-forwarding set up on your number. Cancel any suspicious changes and ask the staff about additional security measures for your SIM card. These may include prohibiting SIM-related actions without your being present, an extra password required for authentication, or other protections. Available security measures vary significantly by country and mobile carrier.
- Any security measures in WhatsApp will be of little use if your smartphone or computer is infected with malware. Therefore, be sure to install comprehensive protection on all your devices.