Pakistan’s National Cyber Emergency Response Team (National CERT) has issued a nationwide advisory warning of a sharp rise in WhatsApp account hijacking, calling the threat widespread and highly effective.
According to the advisory, attackers are relying more on social engineering tactics than technical flaws, tricking users into handing over access. Once compromised, accounts are used for impersonation, financial fraud, data theft, and spreading malicious content.
A Growing National Cyber Threat
National CERT explained that WhatsApp accounts are linked to phone numbers and SIM ownership, which makes recovery possible, but also creates opportunities for attackers who deceive users into sharing verification codes or enabling call forwarding.
The threat affects all segments of society, including ordinary users, professionals, and business employees. For organizations using WhatsApp for work, compromised accounts can lead to fraud similar to business email compromise, but through a trusted messaging platform.
How the Attacks Work
The advisory identified several common methods currently in use:
- OTP Social Engineering: Victims are tricked into sharing six-digit verification codes by attackers posing as WhatsApp support, telecom staff, or known contacts.
- Call Forwarding Exploits: Users are deceived into dialing USSD codes that forward verification calls to attackers.
- Phishing Links: Fake alerts or prize messages lead to fraudulent login pages that steal credentials.
- QR Code Scams (Quishing): Scanning malicious QR codes links the victim’s account to the attacker’s device.
Warning Signs of Compromise
Users should remain alert for signs such as sudden logouts, unknown devices in “Linked Devices,” unexpected verification prompts, or contacts receiving suspicious messages. Receiving a verification code without requesting it should be treated as an active hijacking attempt.
Impact on Victims
A hijacked WhatsApp account can result in financial loss, identity misuse, privacy breaches, and reputational damage. Attackers often use compromised accounts to request money from contacts or spread malware and scam links.
Official Recovery Process
National CERT noted that WhatsApp provides an effective recovery mechanism if action is taken quickly. Victims should reinstall WhatsApp and re-register using the SMS verification code to remove the attacker.
If two-step verification has been enabled without a recovery email, users must wait seven days before regaining access. Accounts with a recovery email can reset access immediately.
Account Safety Guidelines
- Enable Two-Step Verification with a recovery email
- Never share verification codes or PINs
- Regularly check Linked Devices and call forwarding status
- Avoid suspicious links and QR codes
- Verify unusual requests through alternative channels
Businesses are urged to train employees, use strict verification for financial requests, and maintain incident response plans. Organizations relying on WhatsApp for official communication may consider more controlled solutions like the WhatsApp Business API.
User Advisory
The advisory strongly urges users to enable Two-Step Verification with a recovery email, calling it the most important safeguard. Other recommendations include reviewing linked devices, avoiding unsolicited links and QR codes, checking call forwarding settings, and never sharing verification codes or PINs. National CERT stressed that legitimate organizations, will never ask for such information.
National CERT urged WhatsApp users across Pakistan to secure their accounts immediately, remain cautious of unsolicited requests, and educate others, especially vulnerable users. As cybercriminal tactics evolve, the agency emphasized that basic security practices and quick response remain the strongest defense.
