It was just another ordinary day for Mrs. M when her phone buzzed with a WhatsApp verification code — a six-digit number she hadn’t requested. Almost immediately, she received a message from a trusted contact on WhatsApp:
“I accidentally sent you a six-digit code. Could you please share it with me?”
Without thinking twice, and because she was preoccupied on another call, Mrs. M copied the code and sent it across. Within seconds, her WhatsApp account went silent. She was logged out, and before she could regain control, the hacker had taken over her account.
What happened next was worse — the hacker began messaging her contacts, asking for money under the pretense of an emergency. Friends and family members, seeing the message come from Mrs. M’s number, were alarmed and some even considered sending funds.
The Immediate Fallout
When Mrs. M realized she couldn’t connect to WhatsApp, she reached out by phone. I immediately alerted our groups, warning everyone that her WhatsApp had been hacked and advising them not to accept any money requests from her number. Unfortunately, the hacker impersonating as Mrs M — let’s call him Mr. H — acted fast. He deleted my warnings from the groups and even removed me from those groups.
In hindsight, that was a mistake on my part. The first thing I should have done was go into the groups where I was an Admin and remove Mrs. M’s number before posting any alerts. That would have limited the hacker’s access and ability to spread the scam further.
What to Do if Your Contact’s WhatsApp Has Been Hacked
Remove the hacked number from any groups where you are an Admin.
If you get an error saying you cannot remove that Admin, ask other Admins to attempt the removal.
Send direct messages to as many contacts as possible: “Do not accept money requests from this number because the WhatsApp is hacked.” (Mrs M’s number)
Block and report the compromised number.
If important information is stored in a group, go to Group Settings > Export Chat and email the conversation for safekeeping.
Admins must also delete any messages with sensitive information.
In Mrs. M’s case, the stakes were higher. She was a source of a lot of support for the visually impaired, and managed a group assisting visually impaired students with educational material. She was both trusted and loved by everyone. Sadly, some of her contacts believing the requests were genuine, transferred small sums. A few cautious members tried calling her directly - WhatsApp calls were declined by Mr. H, but regular phone calls went through to Mrs M, and those payments were thankfully avoided.
Because Mrs. M was active in multiple groups, the hacker gained access to a wide network of contacts. Using this, he propagated the fraud across various circles — sending more OTP requests and urgent money appeals.
How the Hack Works
The Verification Code Trap
Every WhatsApp account is tied to a phone number.
When someone tries to register WhatsApp on a new device, the app sends a 6-digit verification code via WhatsApp to the owner’s number.
Hackers trick the victim into handing over this code, which allows them to take full control of the WhatsApp account.
The image below is what the request looks like
Never give out this Verification code
The Trusted Contact Deception
Hackers often send the request from an already-compromised contact’s account.
Because the message comes from a familiar name, victims feel safe responding, almost compelled, really.
Monetary Fraud
Once inside, hackers impersonate the victim and message contacts asking for urgent financial help.
The help asked for involves transferring money to a third person, with a promise to return it in a day or two. Alternate reasons could be given like, Gpay is blocked etc. The money goes to a money mule, and can rarely be traced.
This exploits trust within social circles and spreads the scam further.
How to Avoid Falling Victim
Never Share Your Verification Code
The 6-digit WhatsApp verification code is as private as your ATM PIN.
WhatsApp itself will never ask you to share it with anyone.
Enable Two-Step Verification
WhatsApp offers an extra layer of security: a 6-digit PIN that is required in addition to the verification code. Add an email address also.
To activate:
Go to Settings > Account > Two-step verification > Enable.
Choose a PIN only you know.
Go to Settings > Account > Email address.
Add your email address and verify it from via email received from WhatsApp.
The two settings to secure your account
Be Wary of Urgent Requests
If a friend messages asking for money or a code, verify by calling them directly. DO NOT transfer money unless you speak to your contact. Never give ANY code to anyone over the phone as a watertight rule.
Hackers rely on urgency to bypass your critical thinking.
Act Quickly if Compromised
If you lose access to your WhatsApp, reinstall it and try to log in immediately using your own phone number.
Report the issue to WhatsApp via support@whatsapp.com.
Report the issue to the local cybercrime helpdesk.
Inform your contacts on phone that your account was hacked so they don’t fall prey to scams. Ask your family and friends to pass on this message on all the groups.
Ask your contacts to block your compromised number.
- Give the reason “Other” and type “Hacked for Money Fraud”. Select “Report to WhatsApp” and block. Multiple block requests with this message will help WhatsApp deactivate that account.
Key Takeaway
Mrs. M’s experience is a reminder of how easily trust can be exploited in the digital world. A moment of absentmindedness — sharing what seemed like an innocent code — gave a hacker complete control of her WhatsApp account.
Worse, the fraud spread quickly across groups and even targeted vulnerable students she supported. The lesson is clear: prevention and quick action matter.
Protect yourself by keeping your verification codes private, enabling two-step verification, and acting swiftly if a contact is hacked. In the age of instant communication, vigilance is your best defense.
Do you have any more information that will help others? Please put them in the comments below, a sign up is not required and none of your data is saved.
No comments:
Post a Comment