Pakistan’s National Cyber Emergency Response Team has issued a nationwide alert over a sharp rise in WhatsApp account hijacking incidents across the country.
The agency said cybercriminals are using deceptive tactics that rely more on social engineering than technical hacking. Attackers trick users into handing over access by exploiting trust and urgency.
According to CERT, once criminals seize control of a WhatsApp account, they often use it to commit financial fraud, misuse identities, steal data, and spread harmful links.
Officials warned that the threat affects all segments of society. Ordinary users, professionals, and organisations that rely on WhatsApp for official communication remain at risk. Many cases resemble Business Email Compromise-style scams, especially when attackers target financial transactions.
How attackers hijack WhatsApp accounts
CERT highlighted several common methods used by scammers:
- Verification code deception: Attackers impersonate support staff or trusted contacts to obtain login credentials.
- Call forwarding abuse: Victims are tricked into dialling USSD codes that redirect calls to attackers.
- Phishing links: Fake prize offers or security alerts redirect users to malicious websites.
- QR code scams: Scanning unsafe QR codes links accounts to an attacker’s device.
Warning signs of a compromised account
Users should act immediately if they notice:
- Sudden logout from WhatsApp
- Unknown linked devices
- Unrequested verification codes
- Messages sent to contacts without consent
Risks linked to hijacked accounts
CERT warned that compromised accounts can lead to:
- Financial losses
- Identity theft
- Exposure of private data
- Serious reputational harm
Attackers often demand money or spread malicious links through trusted contacts.
How to recover a hijacked WhatsApp account
CERT advised users to take these steps:
- Reinstall WhatsApp and re-register using the SMS verification code.
- If two-step verification was enabled without a recovery email, wait seven days.
- If a recovery email exists, restore access immediately.
Key safety measures for users
To prevent attacks, CERT recommends:
- Enable two-step verification with a recovery email.
- Never share verification codes or PINs.
- Check linked devices and call-forwarding settings regularly.
- Avoid suspicious links and QR codes.
- Confirm unusual requests through another communication channel.
Guidance for organizations
CERT also urged organizations to:
- Train staff on social engineering threats.
- Enforce strict approval processes for payments.
- Maintain clear incident response plans.
The agency called on all WhatsApp users to secure their accounts immediately and share awareness, especially with less tech-savvy users. CERT stressed that simple precautions and quick action remain the strongest defense against evolving cybercrime.
