ReviewedAccount takeover
WhatsApp account takeover
An attacker tricks a user into sharing a WhatsApp verification code, then uses the account to solicit money from contacts.
WhatsAppOTPImpersonationIndividualsGuild member
What happened
The attacker initiates a login with the victim's phone number and asks the victim to share the verification code.
How it works
Once the code is shared, the attacker signs in, enables extra verification, and messages the victim's contacts for money.
Red flags
- A contact asks you to forward a six-digit code.
- The message says a group invite, prize, or support check needs verification.
- The sender becomes unusually urgent or formal.
What to do now
Recover the account through WhatsApp support, notify close contacts through another channel, and enable two-step verification.
What not to do
Do not forward verification codes, even to friends or family.
Evidence notes
- Screenshots should hide phone numbers and codes before submission.
