Pakistan’s National Cyber Emergency Response Team (National CERT) has issued a nationwide advisory highlighting a significant increase in WhatsApp account hijacking incidents. According to the advisory, these attacks are active and widespread, targeting users across all demographics. Unlike traditional cyberattacks that exploit software vulnerabilities, these incidents rely heavily on social engineering techniques, manipulating users psychologically to gain unauthorized access.
The advisory explains that attackers employ a range of deceptive methods such as convincing users to share one-time passcodes (OTPs), altering call-forwarding settings, sending phishing links, and distributing malicious QR codes. These tactics link victims’ accounts to attackers’ devices, allowing hijackers to impersonate users, defraud their contacts, access private conversations, and spread harmful content. The National CERT warns that the consequences of such hijacking include identity theft, financial fraud, exposure of sensitive data, reputational harm, and breaches of privacy. The risks extend beyond individuals, as organizations using WhatsApp for business communications could face leaks of confidential information and potential fraud.
All versions of WhatsApp are affected by these threats, including those on Android, iOS, WhatsApp Business, Web, and Desktop platforms. The advisory describes the severity of these attacks as high but notes that successful account takeover usually requires active user participation, such as sharing verification codes or scanning QR codes. Accounts lacking two-step verification are particularly vulnerable. To mitigate risks, National CERT strongly encourages users to activate WhatsApp’s two-step verification with a recovery email, routinely review linked devices, and avoid sharing verification codes or PINs. Users are also advised to exercise caution when receiving urgent requests for money or security codes and to refrain from clicking links in unsolicited messages.
For users whose accounts have been compromised, National CERT outlines a recovery procedure that involves reinstalling WhatsApp, re-verifying the phone number, and resetting security settings. In situations where attackers have enabled two-step verification without a recovery email, users may experience a mandatory seven-day lockout period before regaining full access, during which neither party can read messages. The advisory urges users to notify their contacts immediately if they suspect compromise, report incidents to WhatsApp, and monitor accounts for signs of misuse. National CERT emphasizes continued vigilance as cybercriminals persist in evolving their tactics to exploit users and businesses alike.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
