WhatsApp Account Takeover Scam Spreads as Fraudsters Hijack Users Through Verification Codes

July 7, 2026

Community members who use WhatsApp are being urged to stay alert as a fast spreading account takeover scam continues to hijack profiles across the country, locking users out and turning their own accounts into tools to defraud friends and family.

How the Scam Works

The scheme does not depend on cracked passwords or broken encryption. Its power comes from persuasion, getting the account holder to approve the intrusion without realizing what has happened. Security specialists say a takeover typically starts with nothing more technical than a six-digit login code and a well-timed message.

In one widely reported version, a message arrives from what looks like a familiar contact. The sender explains that a code was sent to the victim in error and asks that it be passed along. The code WhatsApp delivers is genuine, and forwarding it lets the criminal register the victim’s number on a different phone and take command of the account.

Another version leans on fake links. A message, sometimes as brief as “Is this you?” or an invitation to open a photo or video, directs the user to a page that requests a phone number. Supplying it can silently activate WhatsApp’s linked device option, attaching the attacker’s phone to the account without notice. Analysts have labeled the method GhostPairing, because the victim’s handset keeps operating normally while the hidden device quietly monitors conversations, including one-time banking codes, sometimes for weeks at a stretch.

How It Spreads

After gaining control, the criminal poses as the real owner and reaches out to that person’s contacts, frequently inventing an emergency and requesting money. Since the plea appears to come from a trusted name and number, recipients are inclined to lower their guard. Each person who sends funds or shares information can become the next entry point, pushing the fraud outward through relatives, coworkers and neighbors.

A Growing Threat

The dollar cost of messaging fraud is steep. According to the Federal Trade Commission, consumers reported $470 million in losses to text based scams during 2024, a total the agency believes understates the problem because so many cases are never filed.

Meta, the parent company of WhatsApp, has moved against the operations driving these schemes. It reported removing 6.8 million accounts connected to organized scam centers in the first half of last year and has begun introducing new protections, among them alerts that appear when someone is added to an unfamiliar group or contacted by a number outside their address book.

How to Protect Yourself

Specialists point to a handful of habits that shut the scam down. The company does not request login codes through chat, so a code should never be handed to anyone, whether a friend, a stranger or a person posing as support staff. Switching on two-step verification, located under Settings and then Account, attaches a personal identification number that stops an unauthorized phone from registering the account. It also helps to open Settings, select Linked Devices and sign out anything unrecognized on a regular basis.

Pressure to act fast should raise suspicion. A demand for an immediate response is a signature of the scheme, and pausing to confirm the request with a direct phone call often defeats it. When money is requested over WhatsApp, even by a known contact, the safest move is to reach that person on a separate line before responding.

If Your Account is Compromised

Anyone who suspects a breach should open Linked Devices, clear out any session they do not recognize and then work through WhatsApp’s account recovery steps. Losses can be reported to the FBI’s Internet Crime Complaint Center at ic3.gov, which helps investigators map the networks behind the activity.