When a loved one’s WhatsApp account gets hijacked, minutes matter. Scammers typically impersonate victims to trick friends and family into sending money or sharing verification codes. Here’s a no-panic, step-by-step guide you can follow — from confirming the hack to reporting financial fraud.
1) Confirm it’s really a hack
Don’t rely on WhatsApp messages; call your relative on their regular phone number or meet in person.
Warning signs:
-
Urgent money requests sent to contacts.
-
Messages asking for a 6-digit WhatsApp code.
-
Your relative suddenly logged out of their app.
-
Login alerts from new devices.
⚠️ Never share your verification code with anyone — not even “WhatsApp Support.”
2) Re-register the number to kick the hacker out
On your relative’s phone, open WhatsApp, enter the correct number, and type the SMS or call verification code.
This automatically logs the attacker out.
-
If the SMS doesn’t arrive, try “Call me” after one minute.
-
WhatsApp only sends codes by SMS or voice call — not by email (unless a recovery email was set earlier).
3) If a PIN blocks you
If a PIN screen appears but your relative never set one, the attacker enabled Two-Step Verification.
Options:
-
Use the recovery email (if it was added before).
-
Otherwise, wait for the lockout period to expire, then try again.
4) Lock the account down
Once access is restored:
-
Enable Two-Step Verification: Settings → Account → Two-step verification → Turn on. Add a recovery email.
-
Check Linked Devices: Log out of all devices you don’t recognize.
-
Update WhatsApp and the phone OS to the latest version.
5) Warn everyone immediately
Send a clear SMS or make calls to key contacts:
“My WhatsApp was hacked. Ignore any code/money requests from me. I’ve regained control now.”
This breaks the attacker’s chain of scams.
6) If money or data was stolen
-
Take screenshots of suspicious chats, bank transactions, phone logs, and attacker’s numbers.
-
Contact your bank to flag transfers and attempt reversals.
-
Report to Pakistan’s National Cyber Crime Investigation Agency (NCCIA) — helpline 051-9106691, email helpdesk@nr3c.gov.pk, or nearest NCCIA office.
7) What not to do
-
Don’t forward “I sent you a code by mistake” messages.
-
Don’t argue with or reply to the hacker in WhatsApp.
-
Don’t delete evidence before backing it up.
8) File a complaint (optional template)
Subject: WhatsApp Account Compromise — [Name & Number]
Include:
-
Date/time of compromise
-
Device details
-
Attacker’s number/profile
-
Evidence attached (screenshots, bank references, call logs)
-
Request for investigation & recovery support
Attach CNIC copy and contact details as required.
9) Prevention checklist (for the whole family)
-
Turn on Two-Step Verification with a recovery email on all accounts.
-
Remind relatives: no one needs your 6-digit code.
-
Use Linked Devices cautiously; log out after use.
-
Always verify urgent requests by calling directly.
Bottom line
The fastest way to regain control is to re-register the number, then immediately enable Two-Step Verification and purge linked devices. Warn your contacts, document evidence, and if money is lost, report to your bank and NCCIA. A calm, structured response stops the hacker’s access and limits damage.