A dangerous new cybersecurity threat is currently sweeping across the United Kingdom, targeting WhatsApp users through a sophisticated account hijacking scam. Criminals are exploiting a verification code vulnerability to gain complete access to victims WhatsApp accounts, locking legitimate users out while impersonating them to defraud their contacts. This scam has already resulted in thousands of pounds being stolen from unsuspecting victims, and security experts warn that if left unchecked, it could escalate into a nationwide crisis affecting millions of users, potentially compromising sensitive personal data, financial information, and even enabling identity theft on a massive scale. The scam is particularly insidious because it exploits the trust between family members and friends, making it one of the most effective social engineering attacks seen in recent years.
How the WhatsApp Hijacking Scam Works
The scam begins when victims receive a message that appears to come from a trusted contact, often a friend or family member whose account has already been compromised. The message typically claims the sender has accidentally sent a six-digit code to the wrong number and asks the recipient to forward it back to them. This seemingly innocent request is actually a trap. The code is a genuine WhatsApp verification code that the scammers have triggered by attempting to register the victim account on a different device. Once the victim shares this code, the criminals immediately gain access to their WhatsApp account, effectively hijacking it and locking out the legitimate owner. The speed at which this happens leaves victims little time to react or protect their information.
The Devastating Impact on Victims
Once scammers gain control of a WhatsApp account, they waste no time in exploiting it for financial gain. They immediately contact everyone in the victim contact list, pretending to be the account owner in distress. Common tactics include claiming to be stranded abroad without access to banking, requesting emergency loans, or asking for money to resolve a fabricated crisis. Because the messages come from a known and trusted contact account, many recipients do not question the legitimacy of these requests. Victims have reported losing anywhere from a few hundred to several thousand pounds before realizing they have been scammed. Beyond the immediate financial loss, victims also face the emotional distress of knowing their identity was used to defraud people they care about, and the arduous process of warning all their contacts and recovering their account.
Warning Signs and Red Flags
There are several warning signs that can help UK residents identify this scam before falling victim. First and foremost, WhatsApp will never ask users to share their verification code with another person, and legitimate contacts will never request these codes. Any message asking for a six-digit code should be treated with extreme suspicion, even if it appears to come from someone you know. Another red flag is when the request includes a sense of urgency or a casual explanation that downplays the importance of the code. Scammers often claim it was sent by accident or that they need it for a simple verification process. Additionally, if a contact suddenly messages asking for money or claiming to be in an emergency situation, it is crucial to verify their identity through a different communication channel, such as a phone call, before responding or sending any funds.
Protecting Yourself from Account Hijacking
UK cybersecurity experts recommend several essential steps to protect against this WhatsApp hijacking scam. The most important defense is enabling two-step verification within WhatsApp settings, which adds an extra layer of security by requiring a personal PIN code that only you know. This feature makes it significantly harder for scammers to access your account even if they obtain your verification code. Users should also be vigilant about never sharing verification codes with anyone under any circumstances, regardless of who appears to be asking. It is equally important to educate family members and friends about this scam, as awareness is one of the most effective prevention tools. If you suspect your account has been compromised, immediately contact WhatsApp support, inform all your contacts through alternative means, and report the incident to Action Fraud, the UK national reporting center for fraud and cybercrime. Taking these proactive measures can mean the difference between remaining secure and becoming the next victim of this increasingly prevalent threat.