A sophisticated new cybersecurity threat is currently sweeping across the United Kingdom, targeting WhatsApp users through an elaborate account hijacking scheme. Criminals are impersonating trusted contacts to steal six-digit verification codes, gaining complete access to victim accounts within minutes. This scam has already affected thousands of British users and security experts warn it could escalate into a nationwide identity theft crisis, potentially compromising sensitive personal data, financial information, and enabling criminals to defraud entire contact lists. The widespread nature of this attack means that anyone with a WhatsApp account is at risk, making it essential for all UK residents to understand how this scam operates and how to protect themselves from becoming the next victim.
How the WhatsApp Hijacking Scam Works
The scam begins when cybercriminals gain access to a WhatsApp account, often through previous data breaches or phishing attacks. Once inside, they immediately message every contact in the compromised account, pretending to be the legitimate account holder. The message typically claims the person accidentally sent a six-digit code to the wrong number and asks if you could share it with them. This seemingly innocent request is actually a trap. The code being referenced is a WhatsApp verification code that the criminals have triggered by attempting to register your phone number on a new device. By sharing this code, victims unknowingly hand over complete control of their WhatsApp account to the attackers. Within seconds, the criminals change the security settings, lock out the real owner, and begin targeting that person’s contact list, creating a rapidly spreading chain of compromised accounts across the United Kingdom.
Warning Signs to Watch For
Security experts have identified several red flags that can help UK residents spot this scam before falling victim. First, be immediately suspicious if any contact asks you to share a code you have received, even if the message appears to come from someone you trust completely. WhatsApp verification codes are meant solely for your use when setting up the application on your own device. Second, pay attention to unusual message timing or phrasing that does not match your contact’s normal communication style. Criminals often send these requests late at night or during odd hours when people are less alert and more likely to comply without thinking. Third, if you receive an unexpected verification code without attempting to log in anywhere, this is a strong indication that someone is trying to access your account. Do not share this code with anyone under any circumstances, regardless of who appears to be asking for it.
Protecting Yourself from Account Hijacking
The most effective defense against this WhatsApp scam is enabling two-step verification within the application settings. This security feature adds an extra layer of protection by requiring a personal PIN code that only you know whenever your phone number is being verified on a new device. Even if criminals obtain your six-digit verification code, they cannot access your account without this additional PIN. To activate two-step verification, open WhatsApp, navigate to Settings, then Account, then Two-Step Verification, and follow the prompts to create your secure PIN. Choose a code that is memorable but not easily guessable, and avoid using obvious combinations like birthdays or repeated numbers. Additionally, never share any verification codes received via SMS or WhatsApp with anyone, regardless of the circumstances or who is requesting them.
What to Do If You Become a Victim
If you realize your WhatsApp account has been compromised, act immediately to minimize the damage. First, attempt to re-verify your phone number by reinstalling WhatsApp and entering your phone number. If the criminals have not yet enabled two-step verification on your hijacked account, you should receive a new verification code that will allow you to regain access. Once back in, immediately enable two-step verification to prevent future attacks. Second, notify all your contacts through alternative communication methods such as text message, email, or phone calls, warning them that your account was compromised and they should ignore any suspicious messages. Third, report the incident to Action Fraud, the UK national reporting center for fraud and cybercrime, by visiting their website or calling 0300 123 2040. Finally, review your account activity and security settings carefully to ensure no other unauthorized changes were made during the breach.