ISLAMABAD: While WhatsApp accounts are being hacked and stolen, and stolen accounts are used for various criminal activities, ranging from spam distribution to sophisticated financial frauds, technology expert Hafeez Aziz has suggested that the masses be careful.

“There are two ways cybercriminals can gain control of a WhatsApp account. They can add another device to an existing account using the ‘linked devices’ feature, or they can re-register the account on their own device as if the user had bought a new phone. In the first case, the user continues to use WhatsApp as usual, but the criminals also have access to all recent conversations. In the second case, the user loses access to their personal account. When trying to log in, WhatsApp notifies him that the account is already in use on another device, and the attackers can then control the account but not the past conversations,” Mr Aziz, who is associated with cyber security company Kaspersky, said.

“Instant messengers often contain both personal information about our lives and relationships, and details about work including, in some cases, confidential information. If you notice any unusual activity, such as receiving replies to messages that you didn’t send, or if your friends complain about strange messages coming from your account, it’s important to take steps to protect your privacy immediately. These steps can include logging out on all other devices except your phone, as well as informing your friends and family – in a call, an update of your WhatsApp status, or on social networks – warning not to trust messages from the hacked account and not to send money,” said Hafeez Aziz.

“You can check instructions on what to do in case WhatsApp account was already compromised, while to avoid WhatsApp account from being hacked, user should enable two-step verification in WhatsApp and memorise your PIN, which is not a one-time code. To do this, go to Settings ? Account ? Two-step verification. Never, ever share your PIN or one-time registration codes with anyone. Only scammers ask for these details. WhatsApp recently introduced support for passkeys. If you enable this option (Settings ? Account ? Passkeys), logging in to your account will require biometric authentication, and instead of PIN codes, your smartphone will store a long cryptographic key. This is a very secure option, but it may not be convenient if you frequently change devices and switch between Android and iOS,” he said.

“Make sure you haven’t fallen victim to a SIM swap scam. Contact your mobile carrier — preferably in person — and verify that no duplicate SIM cards have recently been issued for your number. Also, make sure there’s no unauthorised call-forwarding set up on your number. Cancel any suspicious changes and ask the staff about additional security measures for your SIM card. Any security measures in WhatsApp will be of little use if your smartphone or computer is infected with malware. Therefore, be sure to install comprehensive protection on all your devices,” Hafeez Aziz said.

Published in Dawn, March 20th, 2025