Attacks to hijack messaging accounts continue to rise. Company experts warn about the most common impersonation methods on this app and share key steps to regain access and prevent it from happening again.
It’s becoming increasingly common for cybercriminals to hijack WhatsApp accounts to impersonate victims and contact their family or friends with fake messages, usually claiming emergencies or urgent favors. At Kaspersky, we’re warning about this growing trend and sharing practical recommendations for recognizing an attack, regaining control of your account, and preventing it from happening again.
A compromised account may exhibit strange behavior:
- Answers that the user did not send,
- Messages deleted without explanation,
- Changes in name, photo, or status, and even inclusion in unknown groups.
- In the most severe cases, the app logs you out and notifies you that the account is active on another device.
This happens because attackers can access an account in two ways. One is through the “Linked Devices” feature, which allows them to connect their device without disconnecting the account holder. This allows them to read messages and monitor conversations in real time. The second, more aggressive way is to register the account on another phone as if it were a legitimate account transfer. If the attacker manages to obtain the verification code sent by SMS, call, or through a pop-up message from the same app—something they commonly achieve through social engineering or SIM duplication—full control of the account passes into their hands, completely disconnecting the original user.
If you suspect your account has been compromised, you can still log in to the app by logging out of all open sessions from your settings. If you’ve already been locked out, try signing in again with your phone number. If you’re prompted for a two-step verification PIN that you didn’t set up, the attacker may have enabled it. In that case, you can reset it from your linked email address, or if you don’t have one, you’ll have to wait seven days to regain access.
An effective way to prevent these types of incidents is to have a security solution installed on your mobile device, capable of detecting malicious access attempts, fraudulent links, and suspicious apps before they compromise your data. However, it is estimated that more than 43% of users in Latin America still do not have active protection on their phones, according to Kaspersky’s Digital Hangover study , leaving them exposed to these increasingly frequent threats.
It’s also essential to inform your contacts as soon as possible to prevent anyone from falling for a scam, believing you’re behind the messages. Ideally, this should be done by phone call or through other direct channels. To warn more people, you can update your WhatsApp status with a clear alert and share it on your social media. Although 39% of Latin Americans say they usually ignore or delete suspicious messages, according to another Kaspersky study , this figure tends to drop when attackers pose as family members or close friends, appealing to urgency or an emotional connection.
“What’s worrying about these attacks isn’t just their increasing volume, but their level of sophistication. These are no longer simple account takeovers, but well-planned schemes that combine identity theft, social engineering, and financial fraud. The attackers aren’t just looking to steal information, but also to emotionally manipulate the victim’s contacts to obtain money or access to other accounts. Furthermore, by using real accounts, they manage to evade many automated security filters. This is a worrying development in digital crime, where trust between people is the real target,” says María Isabel Manjarrez, security researcher on the Global Research and Analysis Team for Latin America at Kaspersky.
To significantly reduce the risk of falling victim to this type of attack, Kaspersky experts recommend:
- Enable two-step verification: This feature adds an extra layer of protection that prevents an attacker from accessing your account, even if they obtain the registration code.
- Associate a recovery email: Having an email address linked to your account allows you to quickly restore access if someone tries to lock you out.
- Avoid sharing codes or links: No legitimate service will ask you to share your verification code. If someone asks for it, it’s a fraud attempt.
- Request additional protection from your mobile operator : Ask your provider to block the issuance of duplicate SIM cards without in-person verification or an additional password.
