Pakistan’s National Cyber Emergency Response Team (National CERT) has issued a nationwide advisory warning of a sharp rise in WhatsApp account hijacking, calling the threat widespread and highly effective.
According to the advisory, attackers are relying more on social engineering tactics than technical flaws, tricking users into handing over access. Once compromised, accounts are used for impersonation, financial fraud, data theft, and spreading malicious content.
National CERT explained that WhatsApp accounts are linked to phone numbers and SIM ownership, which makes recovery possible, but also creates opportunities for attackers who deceive users into sharing verification codes or enabling call forwarding.
The threat affects all segments of society, including ordinary users, professionals, and business employees. For organizations using WhatsApp for work, compromised accounts can lead to fraud similar to business email compromise, but through a trusted messaging platform.
The advisory identified several common methods currently in use:
Users should remain alert for signs such as sudden logouts, unknown devices in “Linked Devices,” unexpected verification prompts, or contacts receiving suspicious messages. Receiving a verification code without requesting it should be treated as an active hijacking attempt.
A hijacked WhatsApp account can result in financial loss, identity misuse, privacy breaches, and reputational damage. Attackers often use compromised accounts to request money from contacts or spread malware and scam links.
National CERT noted that WhatsApp provides an effective recovery mechanism if action is taken quickly. Victims should reinstall WhatsApp and re-register using the SMS verification code to remove the attacker.
If two-step verification has been enabled without a recovery email, users must wait seven days before regaining access. Accounts with a recovery email can reset access immediately.
Businesses are urged to train employees, use strict verification for financial requests, and maintain incident response plans. Organizations relying on WhatsApp for official communication may consider more controlled solutions like the WhatsApp Business API.
The advisory strongly urges users to enable Two-Step Verification with a recovery email, calling it the most important safeguard. Other recommendations include reviewing linked devices, avoiding unsolicited links and QR codes, checking call forwarding settings, and never sharing verification codes or PINs. National CERT stressed that legitimate organizations, will never ask for such information.
National CERT urged WhatsApp users across Pakistan to secure their accounts immediately, remain cautious of unsolicited requests, and educate others, especially vulnerable users. As cybercriminal tactics evolve, the agency emphasized that basic security practices and quick response remain the strongest defense.