A dangerous new cybersecurity threat is sweeping across the United Kingdom, targeting WhatsApp users through a sophisticated account hijacking scam that has already affected thousands of victims. The scam involves criminals sending fake security codes and messages claiming to be from WhatsApp support, tricking users into handing over their account access. Once hackers gain control, they impersonate the victim and message their contacts requesting money or personal information. If left unchecked, this scam could evolve into a nationwide crisis affecting millions of users, leading to substantial financial losses, identity theft, and the complete breakdown of trust in one of the most widely used communication platforms in the country. Cybersecurity experts warn that this threat represents a new level of social engineering that exploits both technical vulnerabilities and human psychology.
The WhatsApp hijacking scam begins when victims receive a text message containing a six-digit verification code they did not request. Shortly after, the victim receives a WhatsApp message from someone in their contacts list claiming they accidentally sent their code to the wrong number and asking the victim to share it with them. What victims do not realize is that their contact has already been compromised, and the request is actually coming from cybercriminals. The moment victims share that code, hackers immediately take over their WhatsApp account, locking them out completely.
How Criminals Exploit Compromised Accounts
Once criminals successfully hijack a WhatsApp account, they waste no time in exploiting it for financial gain. The hackers immediately message everyone in the stolen contact list, pretending to be the account owner in distress. Common scenarios include claiming to have lost their bank card and urgently needing money transferred, requesting payment for a family emergency, or asking contacts to complete a survey that harvests personal data. Because the messages come from a trusted contact, many victims comply without questioning the request. The UK Action Fraud service has reported a significant spike in cases over recent months, with some victims losing thousands of pounds.
Warning Signs and Red Flags
British cybersecurity agencies have identified several warning signs that indicate someone may be attempting to hijack your account. First, receiving an unsolicited verification code is the primary red flag. WhatsApp will only send these codes when someone actively tries to register your phone number on a new device. Second, any message asking you to share a code should be treated with extreme suspicion, even if it appears to come from someone you know. Third, if you suddenly find yourself logged out of WhatsApp without explanation, your account may have been compromised. Additionally, friends or family members telling you they received strange messages from your account is a clear indication that hackers have gained access.
Protecting Yourself From This Threat
Fortunately, there are several effective steps UK residents can take to protect themselves from this cybersecurity threat. The most important defense is enabling two-step verification within WhatsApp settings, which requires a PIN code that only you know before your account can be accessed on a new device. Never share verification codes with anyone under any circumstances, regardless of who appears to be asking. If you receive an unexpected code, it means someone is trying to access your account right now. Report suspicious messages immediately through WhatsApp and inform your contacts if you believe your account has been compromised. Regular security awareness and skepticism toward urgent requests for money or information remain your best defense against these increasingly sophisticated scams targeting UK users.