March 19, 2025
There are two ways cybercriminals can gain control of a WhatsApp account: they can add another device to an existing account using the “Linked devices” feature, or they can re-register the account on their own device as if the user had bought a new phone. In the first case, the user continues to use WhatsApp as usual, but the criminals also have access to all recent conversations. In the second case, the user loses access to their personal account. When trying to log in, WhatsApp notifies him that the account is already in use on another device, and the attackers can then control the account but not the past conversations.
“Messengers are a private space, as they often contain personal information about our lives and relationships with family and friends. They can also contain information about work and, in some cases, confidential information. If you notice any unusual activity, such as receiving replies to messages that you didn’t send, or if your friends complain about strange messages coming from your account, it’s important to take steps to protect your privacy immediately”, comments SeifallahJedidi, Head of Consumer Channel, META, at Kaspersky.
While you can check instruction on what to do in case WhatsApp account was already compromised, here are the key steps on how to avoid WhatsApp account to be hacked:
- Enable two-step verification in WhatsApp and memorize your PIN — it’s not a one-time code. To do this, go to Settings → Account → Two-step verification.
- Never, ever share your PIN or one-time registration codes with anyone. Only scammers ask for these details.
- WhatsApp recently introduced support for passkeys. If you enable this option (Settings → Account → Passkeys), logging in to your account will require biometric authentication, and instead of PIN codes, your smartphone will store a long cryptographic key. This is a very secure option, but it may not be convenient if you frequently change devices and switch between Android and iOS.
- Set up a backup email address for account recovery: Settings → Account → Email address.
- If you’ve already added an email address, log in to your email account and change your password to a strong, unique one. To store it securely, use a password manager, such as Kaspersky Password Manager.
- Enable two-factor authentication for your email account.
- Make sure you haven’t fallen victim to a SIM swap scam. Contact your mobile carrier — preferably in person — and verify that no duplicate SIM cards have recently been issued for your number. Also, make sure there’s no unauthorized call-forwarding set up on your number. Cancel any suspicious changes and ask the staff about additional security measures for your SIM card. These may include prohibiting SIM-related actions without your being present, an extra password required for authentication, or other protections. Available security measures vary significantly by country and mobile carrier.
Any security measures in WhatsApp will be of little use if your smartphone or computer is infected with malware. Therefore, be sure to install comprehensive protection like Kaspersky Premium on all your devices.During the Holy month of Ramadan anyone who purchases Kaspersky Premium solution, will receive a 30% discount. Moreover, the offer includes complimentary 1-month OSN Plus Subscription with unlimited access to a vast catalogue of top series and movies in stunning 4K – completely ad-free anytime, on any device.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at https://www.kaspersky.com.
