Table of Contents
WhatsApp is well known for its focus on privacy and security, with end-to-end encryption and other strong security features protecting your messages and data. However, no system is completely invulnerable, and hackers can still find ways to exploit loopholes and access your account without your permission.
If you’re concerned that your WhatsApp account may have been compromised, this guide will help. Let’s take a look at the common signs that your account has been compromised, and a checklist to help you identify if someone else is accessing it. We’ll walk through how to secure your WhatsApp account after a breach, and share some top tips to help keep your account safe in the future.
Warning signs of a hacked WhatsApp account
There are several tell-tale signs indicating that someone else has been accessing your WhatsApp account. Keep an eye out for the following signals:
Unread messages marked as ‘read’
Normally, when you open WhatsApp, you’ll see a number of notifications for new messages that you haven’t read yet. If you start to notice that messages are being marked as ‘read’ that you haven’t opened yourself, it’s possible that someone else has been reading them before you’ve had a chance to.
Random chats or unknown new contacts
Hackers may use your account to send spam messages to other accounts, and in order to do this, they’ll add unknown numbers to your contacts list. Look out for any unknown contacts that you haven’t added yourself or unusual messages in your chat list.
Unrecognised new messages
If you’re suddenly receiving a lot of new messages from people that you don’t recognise or you notice that unauthorised messages are being sent from your account to numbers on your contact list, it’s a clear sign that your account isn’t secure.
Changes to your profile details
Keep an eye on your profile details to make sure that they haven’t been hijacked by hackers. If a hacker is trying to impersonate you or use your account to impersonate someone else, they may change your details in order to get the response that they want from their target.
Unrecognised new linked devices
WhatsApp accounts can be accessed on multiple ‘linked’ devices. This is a common way that hackers will try to access your chats and account information. If your list of linked devices is showing additional devices that you don’t recognise, it may be that a hacker or an unauthorised user is accessing your account via WhatsApp web on their own device.
How do hackers attack WhatsApp Messenger accounts?
Hackers can use a variety of methods to gain unauthorised access to your WhatsApp Messenger account. Here are the most common ways they do it:
WhatsApp verification code scams
This common trick involves sending you a message pretending to be from WhatsApp or a trusted contact and asking you to share your verification code. Once the hacker gets this code, they can log into your account. This is why it’s incredibly important to never share your WhatsApp verification code with anyone, even contacts that you know and trust. Remember, it’s possible that their accounts have also been compromised, so you might be sharing your login details directly with a scammer.
Find out more about WhatsApp verification codes.
SIM swapping attacks
In this scam, also known as SIM jacking, the hacker convinces your mobile provider to transfer your phone number to their SIM card. Once they have control over your phone number, they can access your WhatsApp account and other services that may be linked to your phone. Port-out scams work similarly, where the hacker switches (or ‘ports’) your number over to a new SIM card from a different mobile phone carrier.
To prevent SIM swapping, try to keep your personal information secure, as this will make it harder for a hacker to convince your phone provider to carry out their requests. Practise good password hygiene for all your online accounts, including email and social media accounts. Change your passwords regularly, use strong passwords that can’t easily be guessed or hacked with a bot, and make sure to secure any hacked accounts as soon as you find that you’ve had a data breach. You can also call your phone provider and ask them to enable any extra security features that they offer to secure your account against SIM swapping or port-out scams.
Malware and phishing attacks
Clicking on suspicious links or downloading attachments from unknown sources can introduce malware to your device, giving hackers access to your account or your personal details. Hackers may also direct you to a page which asks for your login details or other sensitive information, which they can then use to carry out another type of attack (like SIM swapping).
Stay vigilant to the signs of a phishing scam, such as poor spelling and grammar or high pressure tactics, and verify that URLs are legitimate before clicking on them. If you are sent a link unexpectedly from a personal or business account, verify that the message is genuine (such as by calling the person or company using a known number) before you click on the link or respond. Hackers have been known to imitate WhatsApp’s support team, so take particular care with any messages claiming to offer ‘help’ that you haven’t asked for.
Find out how to spot a fake WhatsApp Business account.
Call forwarding attacks
Another trick that hackers may use to target your WhatsApp account uses call forwarding. While WhatsApp uses end-to-end encryption to keep messages secure and prevent scammers from accessing your past conversations, this doesn’t stop them from being able to trigger call forwarding and verify your account on another device.
Here’s how it works: the scammer calls you on WhatsApp, and convinces you to call another number that begins with a star or hash symbol. These numbers are known as MMI (Man Machine Interface) codes. Once you call the number, a one-time password (OTP) is sent, giving the attacker the opportunity to verify your WhatsApp account on another device.
To protect against call forwarding attacks, it’s best not to pick up calls from unknown numbers on WhatsApp. If you do, be particularly wary of any requests to call another number and watch out for high pressure tactics that try to get you to act urgently. If a caller is genuine, they should be able to offer a legitimate alternative way for you to verify their identity.
WhatsApp Web QR code attacks
To set up WhatsApp Web, you need to scan a QR code on a web browser. In this scam, hackers take that QR code and embed it on a malicious page, then convince you to scan the QR code using WhatsApp. They can then access your WhatsApp account on their WhatsApp Web app.
To protect against WhatsApp Web QR code attacks, make sure to verify QR codes and the websites they are embedded on before scanning them. Be wary of scanning any QR codes sent to you by unknown contacts.
How can I tell if my WhatsApp has been hacked?
Check your messages
Review your chats to see if there are any messages that you didn’t send, or messages received from contacts that you don’t know.
Check your contacts lists
Check to see if any new numbers have been added to your contacts lists. If you don’t recognise some contacts or you didn’t add them yourself, they may have been added by a hacker.
Check your profile and contact information
Look at your profile including your name, photo and phone number. If any information has changed, your account may have been hacked.
Check your linked devices
Go to Settings, then choose Linked Devices. You’ll be able to see any devices that are logged into your WhatsApp account on this page. Check the list for any unknown devices, and if you find any, tap it and select Log Out.
What should I do if my WhatsApp has been hacked?
So you’ve found out that someone else is accessing your WhatsApp account – what should you do next? It’s time to secure your account. Act quickly and take the following steps.
Secure your account
Use your phone number to sign into WhatsApp and enter the 6-digit code that you receive via SMS to verify your account. Once you’ve done this, any individuals using your account on another phone will be logged out.
If you’re asked to enter a two-step verification code, but you haven’t previously set it up, it’s possible that the hacker may have enabled two-step verification. If this is the case, you will need to wait seven days before you can sign in without the two-step verification code. You can find out more on WhatsApp’s website.
Inform your contacts
Notify your contact list as soon as you realise that your account has been hacked. The last thing you want is for a hacker to impersonate you in your chats with family and friends – particularly as they may try to ask for money or valuable information from your loved ones. Call, email or mess
Log out of any linked devices
Make sure that any unauthorised web applications using WhatsApp are logged out. Go to Settings, then Linked Devices, and log out of any devices that you don’t recognise.
Block unknown contacts
If hackers have added new contacts to your account or have participated in groups that you don’t recognise, you’ll need to cut off contact immediately. Review your recent chats, block unrecognised contacts, and remove yourself from any new groups that you weren’t previously part of.
What WhatsApp support can and can’t do if your account is hacked
WhatsApp has a support team, but if your account is hacked, they can only help in limited ways. Unfortunately, if your account is hacked, WhatsApp support can’t:
- Deactivate your WhatsApp account, as they can’t verify that you are the legitimate owner of that account,
- Locate a stolen or lost phone remotely from another device.
- Provide data showing the individual, time and location that your account was accessed.
WhatsApp support recommends securing your account by following the steps listed earlier in the article as soon as possible. If you think someone may be accessing your account via WhatsApp Web, you should log out of WhatsApp on Web/Desktop from your phone. Once your account is secured, you may be able to restore your chat history from a Google Drive or iCloud backup.
Find out more about WhatsApp backups.
How to prevent your WhatsApp account being hacked
Now that you’ve successfully recovered your WhatsApp account, how can you keep it safe and secure in the future? Follow these top tips to stop hackers from accessing your WhatsApp account.
Enable two-step verification on your WhatsApp account
Two-step verification adds an extra layer of security to your WhatsApp account. To set it up, go to Settings, then Account, then Two-step verification. From here, you can create a PIN number that you’ll use every time you access the app every time you register your phone number on WhatsApp again.
Never share your 6-digit registration code with anyone else
If someone else tries to take over your account, they’ll need the SMS verification code sent to your phone number. That’s why it’s so important to keep the 6-digit registration code safe and never share it with someone else.
Take care to avoid clicking on phishing links
Think twice before clicking on suspicious links or downloading unknown attachments. These links can sometimes be used to harvest your data and allow fraudsters to gain access to your account. Be wary of messages from unknown numbers, messages that are poorly written, and offers that use high-pressure sales tactics.
Do hackers target WhatsApp Business in a different way?
WhatsApp Business accounts face similar security threats, but the motivations behind hacking are often different. Hackers may target businesses to gain access to sensitive company data, customer information, or financial transactions. Here’s how WhatsApp Business accounts may be targeted:
Impersonation for fraud
Hackers may use a compromised business account to impersonate the company and scam customers into making payments or sharing sensitive information.
Data theft
Since businesses often store valuable customer data on WhatsApp Business, hackers may try to steal this information for financial gain. They may sell the data or use it to impersonate customers in other fraudulent activities.
How to recover and protect your WhatsApp Business account after a hacking attempt
The recovery process for WhatsApp Business is similar to personal accounts, but businesses need to be even more vigilant about security. In addition to the recovery steps mentioned above:
Notify your customers
If your business account is hacked, immediately inform your customers and partners to prevent further damage.
Secure customer data
Regularly backup important data outside of WhatsApp and encrypt any sensitive information stored on the platform. Ensure you comply with GDPR guidelines at all times.
Two-step verification
Ensure that two-step verification is enabled on both personal and business accounts.
How to harness the power of WhatsApp Business
So, you’ve decided to use WhatsApp Business instead of WhatsApp Messenger for your company comms – how should you get started? With YourBusinessNumber, it couldn’t be easier.
As you can’t use the same phone number for both apps, you’ll need a second virtual phone number to verify your new business account. We generate your brand new unique number in just a few clicks and send it to you via SMS. You can then use this number to set up your business account.
If you need help at any point in the process, our comprehensive customer support will help you get back on track. Plus, with cost-effective, stress-free and flexible plans, you’re in complete control.
So, what are you waiting for? Generate your new WhatsApp Business number today.
Author:
George Lineker
Get A Virtual Number Now!
Receive your number for WhatsApp verification in just 3 clicks!
