A sophisticated cybersecurity threat is currently sweeping across the United Kingdom, targeting WhatsApp users through an elaborate account hijacking scam that has already affected thousands of victims. Cybercriminals are using social engineering techniques to gain access to personal WhatsApp accounts, subsequently locking out legitimate users and exploiting their contact lists to defraud friends and family members. This scam has escalated rapidly throughout 2024, with security experts warning that if left unchecked, it could evolve into a nationwide crisis affecting millions of users, potentially leading to substantial financial losses, identity theft, and the compromise of sensitive personal and business communications across the country.
How the WhatsApp Hijacking Scam Operates
The scam begins when victims receive what appears to be a legitimate message, often claiming to be from a trusted service provider, delivery company, or even a government agency. The message typically states that the recipient needs to verify their account or confirm a delivery by clicking on a link. Once clicked, users are directed to a convincing fake website that requests their phone number. Shortly after providing this information, victims receive a genuine WhatsApp verification code via SMS. The scammers then contact the victim through various means, pretending to be WhatsApp support or claiming the code was sent in error, and ask the victim to share the six-digit code. Once the criminals obtain this verification code, they immediately gain control of the account, locking out the legitimate owner.
The Devastating Consequences for Victims
Once cybercriminals have control of a WhatsApp account, they waste no time exploiting it for financial gain. The fraudsters immediately begin messaging everyone in the compromised contact list, pretending to be the account owner in distress. Common scenarios include claiming to have lost their bank card while traveling abroad, experiencing a family emergency, or needing urgent financial assistance. Because the messages come from a known and trusted contact, many recipients fall victim to these requests and transfer money before realizing the deception. Beyond financial loss, victims also face the embarrassment and emotional distress of having their identity used to scam their loved ones. Additionally, any private conversations, photos, or sensitive information stored in the account becomes accessible to criminals.
Warning Signs and Red Flags to Watch For
Security experts have identified several warning signs that can help UK residents protect themselves from this scam. Be immediately suspicious of any unsolicited messages requesting verification codes, regardless of how official they appear. Legitimate companies, including WhatsApp, will never ask users to share their verification codes. Be wary of unexpected delivery notifications, especially if you have not ordered anything recently. Look carefully at sender details, as scam messages often come from unusual phone numbers or email addresses that mimic legitimate companies but contain slight variations. Any urgent requests for money from contacts via WhatsApp should be verified through an alternative communication method before taking action. If someone you know suddenly changes their communication style or makes unusual requests, contact them directly by phone to confirm their identity.
Protecting Yourself from Account Hijacking
There are several critical steps UK WhatsApp users should take immediately to protect themselves from this growing threat. Enable two-step verification within WhatsApp settings, which adds an extra layer of security by requiring a PIN code when registering your phone number with WhatsApp. Never share verification codes with anyone, under any circumstances, regardless of who claims to need them. Regularly review your privacy settings and limit who can see your profile information. Keep your WhatsApp application updated to ensure you have the latest security patches. If you suspect your account has been compromised, immediately contact WhatsApp support and inform your contacts through alternative means that your account has been hijacked. Additionally, report the incident to Action Fraud, the UK national reporting center for fraud and cybercrime, to help authorities track and combat these criminal operations.
What to Do If You Become a Victim
If you discover that your WhatsApp account has been hijacked, act quickly to minimize the damage. Immediately attempt to re-verify your phone number with WhatsApp, which may force the hijacker out of your account. Contact all your friends and family through alternative platforms to warn them not to respond to any messages from your compromised account. Report the incident to Action Fraud and your local police. Change passwords for any other accounts that may have been linked to your phone number. Review your bank statements carefully for any unauthorized transactions. Consider seeking support from organizations like Citizens Advice for guidance on next steps and potential compensation claims.