Code shared, account snared: The six-digit WhatsApp scam that has caught even celebs in its web

Imagine this: one day, you lose access to your WhatsApp. Your personal hangout spot is no longer yours. Someone else has taken control of all your personal chats and shared memories. Scary, right?
WhatsApp logo used for representation only.
WhatsApp logo used for representation only.
Updated on
5 min read

596 million. That's the number of WhatsApp users in India.

At more than one-third of India's population, the figure stands testimony to the popularity of Facebook's almost ubiquitous messaging app in the country.

For many Indians, WhatsApp is more than just another app. It's a way of life, a digital hangout they can't dream of living without.

From discussing life's gravest crises to cracking jokes, sharing memes and catching up with family and friends, it’s where conversations happen, memories are shared, and connections thrive.

But imagine this: one day, an intruder slides in and seizes control of all your personal chats and shared memories. Scary, right?

This isn't just a hypothetical situation or a nightmare – it's the reality for a growing number of people in India as WhatsApp hacking cases continue to rise.

When that bosom friend traps you

The ordeal could begin on a regular day when you're scrolling through your phone, catching up with WhatsApp messages. Suddenly, a notification pops up – from a long-time friend, someone you've known for years. You tap and open the chat window in anticipation.

Greetings and pleasantries flow before a seemingly harmless message is slipped in: "Hey, I've got a new phone, and I think I accidentally sent a code to your number. Can you send that back to me?"

No alarm bells ring. After all, here's a friend you trust, someone you've shared countless memories and moments with.

So, without the slightest hesitation, you send the One Time Password (OTP).

And before you know it, boom – your account is hacked.

That innocent message, that one moment of trust, has cracked open the door to the vault storing all your personal information.

Cold truth sinks in. A friend in need… but not a friend indeed!

WhatsApp hacks in India

Once your account is compromised, a chain reaction is unleashed.

The hackers use your account to target others in your contact list, employing the same simple trick. Like a row of dominoes, one by one, your friends and contacts are drawn in, and they all fall.

It's one of the oldest tricks in the book - deceiving users into sharing the six-digit setup codes WhatsApp sends when switching phones, leading to account hijacks.

Even though the scam is straightforward, many still fall for it.

No matter what you do in sheer desperation, you won't be able to regain your account. After all, the hackers now have full control.

They can message your friends, asking them to make UPI payments or share personal details. And if you try to warn your contacts about the hack by sending messages through your account, the hackers will quickly delete these messages too.

While there is no official data on the exact number of such WhatsApp hacks in India, an increasing number of people are being ensnared.

On December 6, for instance, renowned Indian filmmaker and cinematographer Santhosh Sivan took to Instagram to announce that his WhatsApp had been hacked and warned followers not to respond to any messages from his account.

"Folks, my WhatsApp is hacked. Please don't respond to any messages from me, it's a scam," he wrote.

Previously, in August 2024, Nationalist Congress Party (NCP) MP Supriya Sule had shared on the microblogging site X that her phone and WhatsApp account had been hacked.

Many other reports have highlighted how less well-known users have faced similar issues.

The rise of WhatsApp hacking scams has in fact reached alarming levels and a situation that almost feels straight out of a Black Mirror episode unfolded recently.

Mark Read, CEO of WPP, the world’s largest advertising group, became the target of a deepfake scam that involved an AI-generated voice clone.

Fraudsters created a WhatsApp account using a publicly available photo of Read and arranged a Microsoft Teams meeting that appeared to be with him and another senior executive from WPP, according to The Guardian.

During the meeting, the scammers used an AI voice clone of Read, along with YouTube videos of him, and even impersonated him off-camera through the meeting's chat window.

The scam, which ultimately failed, tried to convince an "agency leader" to set up a new business in order to steal money and personal information.

Although the scam was unsuccessful, it serves as a scary reminder of the growing dangers of how AI could also be used by fraudsters in the days to come.

So, what can be done?

Grandma was right: Prevention is always better than cure

As always, when it comes to cybersecurity, prevention is in fact better than cure.

The most important advice for all WhatsApp users is simple: never share the six-digit code sent to your phone with anyone no matter who asks for it or how they ask. These are almost always scams designed to hijack your account and will be used to target others for money or sensitive information.

To protect yourself from such attacks, here are three essential security measures you should enable immediately:

  1. Enable Two-Step Verification (Multi-Factor Authentication):

    WhatsApp's two-step verification adds an extra layer of security. You can activate it by going to Settings > Account > Two-Step Verification in the app. This requires you to set up a personal PIN, and a six-digit code. Both will then be needed to move your account to a new phone.

  2. Add an Email Address: Under Settings > Account, link an email address to your account. This helps verify your identity if you ever need to recover your account. While it won't stop a hijack, it can assist you in regaining access.

  3. Set up a Passkey (if available): If your device supports it, enable Passkey to link your WhatsApp login to your device's biometric authentication, like a fingerprint or facial recognition. While convenient, this feature complements rather than replaces Multi-Factor Authentication, which remains your strongest defence against account takeovers.

The 1930 tangle

It is all the more important to exercise these precautions since the national cybercrime helpline, 1930, is difficult to reach according to most people who have tried it.

TNIE too tried to reach the number on Friday and found help was unavailable.

A helpline that is meant to be a lifeline during moments of crisis failing to function is a serious cause for concern. This is especially troubling for those facing the increasing threat of cybercrime, where immediate assistance is crucial.

The situation doesn't improve with the website dedicated to reporting cybercrimes.

The portal asks users to report the phone number from which the hackers contacted them. However, this becomes a problem in cases like WhatsApp hacks, where the number involved could belong to a trusted friend or even your own phone.

Source | cybercrime.gov.in
Source | cybercrime.gov.in

This makes the reporting process not only confusing but also ineffective, as the very numbers that need to be flagged are often mistakenly deemed "safe". It highlights a serious gap in the system that leaves victims feeling all the more frustrated.

In today's digital age, trust is precious, and so is your online security. WhatsApp connects millions of lives, but remember it's only as safe as the precautions you take.

By staying alert, using the right security settings, and thinking twice before sharing personal details, you can keep hackers at bay. After all, your virtual world deserves the same care as your real one.

Related Stories

No stories found.

X
The New Indian Express
www.newindianexpress.com