WhatsApp account takeover: How it works and how to prevent it

WhatsApp is the third most-used social media platform with about 2 billion monthly active users globally. However, among these users are hackers who exploit the app’s security vulnerabilities to gain unauthorised access to accounts and personal conversations of other users.

The messaging app, in an attempt to protect users from cyber-attacks, has undergone various security updates. Yet the number of reported cases continues to rise, becoming a concern to both users and cyber security authorities worldwide.

In October 2023, Ghana’s Cyber Security Authority (CSA) issued a warning to the public regarding a surge in account takeovers on WhatsApp.

According to the CSA, at least 64 such cases have been reported since April 2023, indicating a growing trend of people falling victim to social engineering tactics and unknowingly giving away their WhatsApp verification codes to malicious actors, resulting in unauthorised access and account takeover. This is not the first time the CSA has issued such an alert, as a similar warning was released in December 2022.

More often than not, these malicious actors use the stolen or hacked accounts to solicit money from contacts, commit fraud, send offensive messages/images, spread mis/disinformation, or even use the stolen accounts as bait to hack other accounts in the victims' contact lists.

In this report, Fact-Check Ghana highlights the methods employed by hackers to steal WhatsApp accounts and how users can practice digital safety on the app.

What is WhatsApp account takeover and how does it work?

WhatsApp account takeover is when malicious actors gain unapproved access to an account on WhatsApp. All a hacker needs to take over an account is the phone number and the 6-digit verification code that WhatsApp issues during the registration or re-registration of an account.

When a user is creating an account for the first time or re-registering an existing account, WhatsApp sends a 6-digit verification code to the user via SMS or phone call. The user is prompted to enter the code to verify their phone number and activate their WhatsApp account.

As such, hackers employ various scams with the sole purpose of obtaining this 6-digit verification code in order to successfully hack an account.

Methods of Operation

There are numerous methods through which hackers can gain access to the accounts of unsuspecting WhatsApp users – these methods become more sophisticated over time. Here are some strategies that cyber attackers employ to take over WhatsApp accounts.

Through compromised WhatsApp groups

Per the Cyber Security Authority’s statement, malicious actors normally begin their attacks by compromising WhatsApp groups before targeting the accounts of group members.

When WhatsApp groups are compromised, members become vulnerable to attacks.

In this case, a cyber attacker infiltrates a WhatsApp group and obtains the phone number of a group member to initiate a re-registration process for that individual's account. During this procedure, WhatsApp sends a 6-digit verification code to the victim's phone number. The hacker then sends an SMS notification to the victim, claiming that the WhatsApp group platform is being upgraded, and requests the verification code the victim has just received. Upon obtaining the code, the hacker finalizes the registration, effectively gaining control of the victim's WhatsApp account.

Through phishing attempts

Another approach used by hackers to gain control of accounts involves sharing URL links within WhatsApp groups. After sharing the links, these hackers instruct members to open them, purportedly to update their information. The pages ultimately lead members to provide the 6-digit verification code they may have received from WhatsApp during a re-registration process initiated by the attacker.

Impersonating a friend or relative

A potential victim would either receive a call from an unknown number, or a message from a contact (whose WhatsApp account may have been compromised) requesting the victim to share a 6-digit verification code. Usually, the hacker gives an excuse that they inadvertently sent the code to the victim. The hacker is able to take over the account as soon as the victim forwards the code.

By posing as WhatsApp support staff

In this method, a victim receives a call or message from a cyber attacker who poses as a WhatsApp support staff member. The attacker informs the victim that their account has been reported and that they need to verify it by providing the 6-digit verification code sent to them.

In other cases, the cyber attacker impersonates a WhatsApp support staff member and messages or calls the victim, informing them that a security code has been sent to prevent their account from being hacked. The attacker then instructs the victim to share the code.

Through voice verification

Scammers use the voice verification method to take over a victim’s WhatsApp account by starting the verification (re-registration) process and deliberately failing multiple times. This prompts WhatsApp to initiate a “voice verification” process by calling the victim’s phone number and providing a verification code in an audio message. The audio message will be directed to the victim’s voicemail account if the call is unanswered. The scammer will then hack the victim’s voicemail to retrieve the verification code and take over the victim’s WhatsApp account. Once the scammer has taken over the account, they can enable two-step verification to prevent the victim from regaining control.

Spyware

Spyware can be installed (via an app installation, file attachment or when the user visits a malicious website) on the user’s device and can capture login details and other sensitive information that can allow a hacker to take over the WhatsApp account.

Signs that your account has been hacked

In order to safeguard your WhatsApp account and personal information from the hands of digital attackers, it is crucial to be on the lookout for the following indicators that show that your account may be compromised.

Receiving verification codes: If you receive verification codes without initiating a verification or re-registration process, it may be a sign that your account is being hacked. In some instances, you might receive multiple verification codes in a row. It is wise to disregard such verification codes and not log out of your account.

Unknown linked devices: An additional indication that your account has been accessed without authorisation is unfamiliar or unapproved devices that are linked to your account. To verify this, open WhatsApp Settings on your mobile device and select “Linked Devices” to check the devices that are linked to your account.

Unusual account activity: Usually, when a hacker takes over an account, there are some irregular activities on the account such as frequent logins from unfamiliar devices or locations and modifications to profile details. Additionally, you will notice messages you did not send, contacts that are not yours, and messages from strange numbers.

What's more, you may notice changes in your privacy settings, such as previously private information being made public.

Malfunctioning App: Another tell-tale sign that your WhatsApp account is being hacked is that the app tends to crash or freeze when in use. Moreover, you may receive requests for permission to access your personal and sensitive information.

Sudden change in your phone’s temperature: A sudden rise in your phone’s temperature when not in use may indicate that your account is under threat of a cyberattack. This temperature increase could be attributed to the presence of spyware that has been installed on your device.

Excessive battery usage and consumption: If your smartphone battery depletes rapidly or data usage spikes despite normal activity, there’s a likelihood that spyware is operating on your device and can be used to gain access to your account.

How to secure your WhatsApp account

Below are some steps to secure your account and minimize the risk of unauthorized access.

Enable two-step verification: Two-step verification adds an additional layer of security to your WhatsApp account. This feature entails setting up a distinct six-digit PIN (different from the regular six-digit verification code).

To activate the two-step verification PIN, open WhatsApp settings, select “Account”, choose “Two-step verification” and follow the prompts to set up your PIN. You can also add your email to help you reset your PIN when you forget it.

Keep the app updated: Social media applications like WhatsApp periodically undergo security updates to address potential vulnerabilities. Updating the app guarantees that you benefit from the most recent security patches, providing protection against software weaknesses. You can achieve this by enabling automatic updates or manually checking for updates in your device’s app store to ensure that you are using the latest version of the messaging platform.

Monitor linked devices: Review the list of devices that are linked to your account regularly to ensure that only authorised devices have access to your account. Open WhatsApp settings, and tap on “Linked Devices” to view the list of connected devices. Log out of all devices if you suspect that an unfamiliar device has access to your account.

Beware of phishing attempts: Refrain from downloading files or clicking on links that are not from trusted sources.

Do not share verification codes with anyone: Never share your WhatsApp verification code with a third party. WhatsApp support staff do not ask you to share your verification code with them, whether they contact you or you contact them.

Review your privacy settings: To protect your personal information, check your privacy settings to control who can see your profile information, status updates and last-seen time marks.

Protect your phone with a strong password: Securing your device with a strong password or unique PIN is an additional means of protecting your WhatsApp account from being compromised in case your phone is stolen or falls into the wrong hands.

Use biometric authentication: Just like passwords, activating biometric authentication such as fingerprint or face recognition ensures that only you can access the app.

How to recover a stolen or hacked account

  1. Sign out of your WhatsApp messenger and log back in using your phone number.
  2. A six-digit code will be sent to your phone number via SMS.
  3. Enter the code to log into your account. This will automatically log out the unauthorized user.
  4. If you are prompted to provide a two-step verification code despite not having set one up yourself, it indicates that the person using your account has activated it. Since you don't have the code, you'll need to wait 7 days before you can sign into your account again without the two-step verification code. You will still be able to access your account regardless.

Aside from the tips above, staying vigilant is the most effective way of protecting your WhatsApp account from malicious actors.
