A sophisticated new cybersecurity threat is currently sweeping across the United Kingdom, targeting WhatsApp users through an elaborate account hijacking scam that has already affected thousands of people. Criminals are using social engineering tactics to gain access to personal WhatsApp accounts by impersonating friends and family members, requesting six-digit verification codes under false pretenses. Once they gain access, scammers lock out legitimate users and proceed to contact everyone in the victim contact list, requesting emergency money transfers or sensitive personal information. This threat could eventually lead to widespread identity theft, substantial financial losses across communities, and a breakdown of trust in digital communication platforms that millions of UK residents rely on daily for both personal and professional interactions.
The scam operates through a deceptively simple but highly effective method. It begins when victims receive a message that appears to come from a known contact, often a friend or family member whose account has already been compromised. The message typically claims that the sender has accidentally sent a six-digit code to the wrong number and asks if the recipient could share it with them. This code is actually a WhatsApp verification code that the scammers have triggered by attempting to register the victim phone number on a new device. Once the victim shares this code, the attackers immediately gain full access to the WhatsApp account, effectively locking out the legitimate owner.
How the WhatsApp Hijacking Scam Works
The National Cyber Security Centre has issued warnings about this particular scam, emphasizing that it exploits the natural human tendency to help friends and family members. The criminals behind this operation understand that people are more likely to comply with requests that appear to come from trusted contacts. After gaining access to an account, scammers work quickly to change account settings and begin targeting the victim entire contact list. They often claim to be in urgent need of money, stuck in an emergency situation, or needing help with a time-sensitive financial transaction. The requests are designed to create panic and urgency, pressuring contacts to send money before they have time to verify the authenticity of the request through alternative communication channels.
Warning Signs and Red Flags
Security experts have identified several warning signs that can help UK residents identify this scam before falling victim. Any unexpected request for a verification code should be treated with extreme suspicion, even if it appears to come from a trusted contact. Legitimate services will never ask users to share verification codes with other people. Additionally, any urgent requests for money via WhatsApp, especially those that emphasize secrecy or time pressure, should be independently verified through a phone call or face-to-face conversation. Other red flags include messages with unusual grammar or phrasing that does not match the typical communication style of the supposed sender, requests to keep the transaction private from other family members, and pressure to act immediately without taking time to think or verify.
Protecting Yourself and Your Accounts
The most effective defense against this WhatsApp hijacking scam is enabling two-step verification within the WhatsApp application settings. This feature adds an extra layer of security by requiring a personal PIN code whenever registering a phone number with WhatsApp. Users should also maintain a healthy skepticism about unexpected requests for codes or money, regardless of who appears to be sending them. If you receive a message requesting a verification code, do not share it under any circumstances. Instead, contact the person through a different communication method to verify whether they actually sent the message. UK cybersecurity officials also recommend regularly reviewing privacy settings on all social media and messaging platforms to limit the amount of personal information visible to potential scammers.
What To Do If You Become a Victim
If you realize that your WhatsApp account has been compromised, immediate action is essential to minimize damage and prevent further spread of the scam. First, attempt to regain access to your account by requesting a new verification code and re-registering your phone number with WhatsApp. Contact WhatsApp support directly through their official channels to report the hijacking. Next, use alternative communication methods to warn all your contacts that your account was compromised and that any recent messages requesting money or codes were not from you. Report the incident to Action Fraud, the UK national reporting centre for fraud and cybercrime, providing as much detail as possible about the scam and any financial losses incurred. Finally, monitor your bank accounts and other online services for suspicious activity, as scammers may attempt to use information gathered from your WhatsApp conversations to target other accounts.