1. WhatsApp takeover scam
A growing number of WhatsApp users are losing access to their accounts after unknowingly handing over their six-digit verification codes (OTP) to scammers. Once hackers gain control, they send the same fake message to the victim’s contacts, pretending to be them and asking for the OTP or even money. This domino effect allows scammers to hijack account after account in a matter of minutes.
2. How the scam works
Step 1: The attacker initiates a fake login attempt
The scammer opens WhatsApp and enters your phone number, which they obtained through a data leak, social media, or random guessing. This prompts WhatsApp to send you an OTP via SMS as part of its standard login process.
Step 2: You receive the OTP on your phone
Since the OTP is only sent to your registered number, it arrives on your phone. At this point, the attacker still cannot access your account as they need the code you just received.
Step 3: The attacker contacts you by posing as a trusted contact
The scammer sends you a WhatsApp message or calls you, often using another compromised account of a friend or a colleague. They claim that they accidentally sent their OTP to your number and request that you send it back to them.
Examples of what they might say:
Source: LiveHindustan, Norton
Step 4: Victim shares the OTP
If you share the OTP, you’re effectively giving the scammer access to your WhatsApp account. As soon as they enter the code on their device, WhatsApp logs them in and logs you out.
3. Impact of the scam
Scammers want full access to your chats, contacts and groups. Once they control your account, they impersonate you and exploit your trusted network.
Lock you out of your own account
In many cases, scammers enable two-step verification after taking control of your account, making it harder for you to regain access.
Data gathering and misuse
Attackers may collect personal data like your contact list, group memberships, WhatsApp media and account activity for targeted scams.
Commit further fraud
- For financial gain: They message your friends or family asking for urgent money transfers or sensitive information
- Social engineering at scale: They repeat the scam using your identity to trick more people into sharing OTPs or bank details
- Spreading malicious links: They send phishing links or malware through your account to collect personal details of unsuspecting people in your network
4. How to protect yourself
WhatsApp advises users to stay cautious when receiving messages from unknown numbers, especially if the sender is attempting to rush you, make unusual requests, or pressure you into sharing personal or financial information. If you’re unable to verify the person’s identity, it’s best to end the conversation immediately.
You should:
- Regularly review, block and report suspicious accounts
- Update privacy settings by adjusting who can see your:
  - Last Seen & Online: Settings > Privacy > Last Seen & Online → Set to My Contacts or Nobody
  - Profile Photo: Settings > Privacy > Profile Photo → Set to My Contacts or Nobody
  - About: Settings > Privacy > About → Set to My Contacts or Nobody
  - Status: Settings > Privacy > Status → Share only with trusted contacts
- Control who can add you to groups
  Go to Settings > Privacy > Groups
  Choose My Contacts or My Contacts Except… to limit unsolicited group adds
- Enable two-step verification
  Open WhatsApp Settings > Account > Two-step verification > Turn On > Enter PIN > Re-enter PIN to verify
  You can add your email to recover your WhatsApp account if you forget your PIN.
- Check and manage your linked devices regularly under WhatsApp Settings.
- Update WhatsApp through the Play Store or App Store.
WhatsApp says that it does not have the ability to identify the person attempting to register your number. It is therefore important to report the incident to the appropriate authorities.
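The four steps in section 2 and the two-step verification advice above can be seen together in a small model. This is an added example, not WhatsApp's code: the `RegistrationService` class, the device names, the PINs and the placeholder number are all assumptions made for illustration.

```python
import hmac
import secrets

class RegistrationService:
    """Simplified model of SMS-code registration (an assumption, not WhatsApp's code)."""
    def __init__(self):
        self.pending = {}  # number -> code sent by SMS to that number
        self.owner = {}    # number -> device currently logged in
        self.pin = {}      # number -> two-step verification PIN, if enabled

    def request_code(self, number):
        self.pending[number] = f"{secrets.randbelow(10**6):06d}"
        return self.pending[number]  # return value stands in for SMS delivery

    def register(self, number, device, code, pin=None):
        expected = self.pending.get(number)
        if expected is None or not hmac.compare_digest(expected, code):
            return "bad_code"
        stored = self.pin.get(number)
        if stored is not None and not hmac.compare_digest(stored, pin or ""):
            return "pin_required"
        del self.pending[number]
        self.owner[number] = device  # the previously registered device is logged out
        return "ok"

    def enable_two_step(self, number, device, pin):
        if self.owner.get(number) != device:
            return False
        self.pin[number] = pin
        return True

NUMBER = "+00 0000 000000"  # constructed placeholder, not a real number

def shared_code_outcome(victim_has_pin):
    """Steps 1-4: what a forwarded code achieves, with and without a PIN."""
    svc = RegistrationService()
    svc.register(NUMBER, "victim-phone", svc.request_code(NUMBER))
    if victim_has_pin:
        svc.enable_two_step(NUMBER, "victim-phone", "482913")
    sms = svc.request_code(NUMBER)  # login attempt from another device
    return svc.register(NUMBER, "other-device", sms), svc.owner[NUMBER]

def lockout_after_takeover():
    """The new holder sets a PIN; the victim's fresh SMS code alone no longer works."""
    svc = RegistrationService()
    svc.register(NUMBER, "victim-phone", svc.request_code(NUMBER))
    svc.register(NUMBER, "other-device", svc.request_code(NUMBER))
    svc.enable_two_step(NUMBER, "other-device", "771204")
    return svc.register(NUMBER, "victim-phone", svc.request_code(NUMBER))
```

In the model, the SMS code alone moves the account to whoever presents it, while a PIN set by the rightful owner stops the transfer even after the code has been shared.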
5. Steps to Report and Recover
- Verify whether suspicious messages or calls are real by contacting the sender another way, such as calling them on a different app or phone.
- Log back into your account immediately before the hacker changes your settings.
- Warn your contacts and let them know your account was compromised and to ignore any messages from that account.
- Report the Scam:
  - Use WhatsApp’s in-app report and block feature
  - File a complaint at cybercrime.gov.in or call 1930
  - Report suspicious calls/messages on Chakshu portal
Remember this golden rule
If someone’s rushing you to share a code, trust your gut. Don’t respond. Don’t click. Don’t share. Your account is your responsibility – protect it like you would your ATM PIN.
I4C has also been sharing important information regarding WhatsApp scams through its social media handle @Cyberdost on YouTube, Instagram, Facebook and X. Follow to stay informed about the latest threats.