New WhatsApp Verification Code Scam: How to Protect WhatsApp Account From Hackers?

First, the attacker will get your phone number. The attacker has multiple ways to get your phone number and other information: 1. Dark Web 2. Social media sites 3. Social engineering attacks 4. Phishing, and 5. On the WhatsApp app itself. You might be aware of what security researchers recently revealed about the Facebook data breach, which lets 533 million Facebook users’ phone numbers and personal data be leaked online.

You might know that whenever you install the WhatsApp app on your phone, it asks you to enter your phone number. In the next step, it sends a six-digit verification code to your phone number for verification. Attackers use this verification process as a weakness. The attacker will install the WhatsApp app on his phone and enter your phone number. Then you will receive a six-digit verification code or a call from WhatsApp.

The attacker repeatedly enters an incorrect verification code. You will repeatedly receive verification codes from WhatsApp when the attacker attempts with the wrong codes on this WhatsApp.

WhatsApp has a limitation policy to stop brute-forcing it. Under this policy, WhatsApp limits the attacker. After a few attempts, the attacker’s WhatsApp says: “Resend SMS/Call me in 12 hours,” and stops generating new codes to your phone number and blocks the code entry on the app for the next 12 hours. However, there is no change in your WhatsApp function. It will continue to work as before. Nothing much you can do to stop all this.

The real game starts now. Anything will happen in these 12 hours of time. It purely depends on your action. If you report these verification messages to WhatsApp support and ignore all those messages, then you are safe. If you ever try reinstalling and reverifying WhatsApp on your phone, there is a high chance of losing your WhatsApp account.

By the time you complete your re-verification process on your phone. The attacker will use his email ID (stolen or compromised) to write a complaint to , saying to deactivate your number.

WhatsApp will send an auto-generated email to the attacker’s email ID asking to enter a new phone number. WhatsApp doesn’t have any mechanism to confirm that it wasn’t you who requested the deactivation request and completed the deactivation process. All these happen with the automatic process without your knowledge.

After a couple of hours, your WhatsApp stops working on your phone, and you see a notification: “Your phone number is no longer registered with WhatsApp on this phone. This might be because you registered it on another phone. If you didn’t do this, verify your phone number to log into your account.”

At this point in time, if you try reactivating your phone number, your app will say, “You’ve tried to register your number recently. Wait before requesting an SMS or a call.”. However, you will not receive the verification code or call your phone number as your phone is subjected to 12 hours of restriction. You can’t request a new code until the completion of 12 hours, and your recent code will also not work. Your account is frozen.

After 12 hours of freeze, you can reverify your account with the six-digit verification code. But there is a twist at this point in time. The attacker, rather than writing to WhatsApp to deactivate, could repeat the process after elapsing 12 hours. You will receive a few more verification messages again if the attacker does so.

The attacker tries repeating the process for the third time, and WhatsApp will breaks down this time and says”, You have guessed too many times; try again after -1 seconds”. The app blocks both the attacker and you from requesting and entering the new code.

In this race, if the attacker reaches WhatsApp before you, you are too late. You don’t have any stone left to hit the attacker. You will have to contact WhatsApp and find someone who can help.

Report to WhatsApp support: If you start getting multiple verification messages in a short amount of time, please report to WhatsApp support. Don’t react to those messages. This is a clear indicator that someone is attempting to register using your phone number.

Don’t try reinstalling the app: This is the common mistake most make. Please don’t try to reinstall and reverify your account. If an attacker reaches the maximum number of attempts, WhatsApp will block you from the re-verification process for 12 hours. You are going to lose your account for at least 12 hours. Don’t commit the mistake of reinstalling the app.

Enable two-step verification: Enabling two-step verification is one of the best ways to protect. The key factors for securing your account are the six-digit PIN and email address. Using your email address to set up two-step verification helps the WhatsApp support team to identify that it was you.

Set a lock on WhatsApp: When you set up a six-digit PIN, WhatsApp will ask you to enter the PIN when your account is tried to set up on another device. This will work as a shield against the attack.

Export chats and delete: It is always to export your chats data to your email or cloud storage and protect with a password, as the default export option will not be encrypted. Then delete the complete chat history.

Move the backups to external storage: This option is only for Android users. Android users can export the backup to external storage and delete the backup. This would protect your data from being accessed by the attacker.

Install WhatsApp updates: Always upgrade your WhatsApp app without fail whenever there is a new version available. This ensured many bugs and vulnerabilities got fixed, which existed in old versions.