Received a WhatsApp verification code you did not request? This is a warning sign of a WhatsApp account hijacking scam. Criminals trick you into sharing the 6-digit OTP, which gives them complete access to your WhatsApp account and the ability to target your contacts. Do not share the code with anyone.
What Is the WhatsApp Verification Code Scam?
In this scam, a fraudster first takes over one of your WhatsApp contacts’ accounts. They then message you from that trusted contact’s account, claiming they accidentally sent you a 6-digit code and asking you to forward it. That code is actually the OTP needed to log in to your own WhatsApp account on a new device. If you share it, the attacker instantly gains full access to your account.
How Does the WhatsApp Verification Code Scam Work Step by Step?
Step 1: Attacker Takes Over a Contact’s Account
Using the same scam on someone else, the fraudster has already hijacked a WhatsApp account belonging to one of your contacts. Your contact’s name and profile photo are now in the attacker’s control.
Step 2: You Receive a Seemingly Genuine Message
You get a WhatsApp message from your contact’s number: “Hi, sorry, I accidentally sent a 6-digit code to your number. Could you please forward it to me?”
Step 3: The OTP Arrives on Your Phone
Shortly after, a genuine WhatsApp OTP arrives via SMS on your device. This is because the attacker has requested a login for your account on a new device.
Step 4: You Forward the Code
Believing the message is from a friend, you forward the code. The attacker now logs into your WhatsApp account and can read all your private messages, impersonate you, and target your contacts with the same scam.
What Are the Warning Signs?
- You receive a WhatsApp OTP without requesting one — You only receive this code when someone initiates a login to your account.
- A “friend” asks you to forward a code — No legitimate WhatsApp user sends codes to the wrong person; this claim is always a deception.
- Unusual message tone from a contact — The attacker may not write the way your actual friend does.
How to Protect Your WhatsApp Account from This Scam?
- Never share your 6-digit OTP — WhatsApp will never ask you to send your code to another person. Neither will any genuine contact.
- Enable Two-Step Verification immediately — Go to WhatsApp Settings → Account → Two-step verification → Enable. This adds a PIN that blocks account takeover even if the OTP is compromised.
- Verify out of band — If a contact claims to need a code, call them on their regular phone number (not WhatsApp) to confirm before taking any action.
- Alert your contact — If you suspect their account is hijacked, notify them by SMS or phone call so they can recover their account.
- Be alert to other WhatsApp scams — The rediroff.ru phishing link is another common WhatsApp-based attack.
What to Do If Your WhatsApp Account Is Hijacked?
- Request a new OTP at WhatsApp login to regain control of your account
- Immediately notify your contacts that your account was compromised
- File a complaint at cybercrime.gov.in
- Call the National Cyber Crime Helpline: 1930
If your WhatsApp account has been hijacked or you suspect your data has been compromised, contact cyber expert Anuraag Singh for immediate assistance.
