What to do if your relative’s WhatsApp has been hacked — a simple step-by-step guide

If a loved one’s WhatsApp gets hijacked, minutes matter. Here’s the clean, no-panic playbook you can follow, from the very first call to filing a report if money is involved.

1) Confirm it’s really a takeover

• Call your relative on a normal phone call (or meet in person). Don’t rely on WhatsApp to confirm; the attacker may be replying.
• Red flags: friends receiving 'urgent money' requests, messages asking for a 6-digit code, new login alerts, or your relative being suddenly logged out. Never share verification codes with anyone — not even 'WhatsApp Support'.
• Received verification code without requesting it | WhatsApp Help Center

An example of a scam message

2) Take the account back (this logs the hacker out)

• On your relative’s phone, open WhatsApp and register the correct number. Enter the SMS/phone call verification code you received. When you successfully re-register, anyone else using that number is automatically logged out.
• Can’t get the code?
  • Try the 'call me' option after waiting a minute.
  • WhatsApp only sends registration codes by SMS or call (email works only if an email was added earlier for PIN recovery).
• Can’t register phone number | WhatsApp Help Center

3) If a PIN screen blocks you (attacker enabled two-step verification)

• If your relative never set a PIN but WhatsApp is asking for one now, the attacker probably enabled it.
• Two options:
  • Use the recovery email (if previously added) to reset the PIN immediately; or
  • Wait for the built-in lockout period to pass before you can re-verify without the attacker’s PIN. Then complete registration again.
• How to manage two-step verification settings | WhatsApp Help Center

4) Lock it down (right after regaining access)

• Enable Two-Step Verification: WhatsApp → Settings → Account → Two-step verification → Turn on. Add a recovery email. This prevents a repeat takeover.
• Review “Linked Devices”: WhatsApp → Linked Devices → Log out of every device you don’t recognise.
• Update the phone (iOS/Android) and WhatsApp to the latest version.
• About linked devices | WhatsApp Help Center

5) Broadcast a warning to everyone

• Send a plain, unmistakable SMS (or call key contacts):

'My WhatsApp was compromised. Ignore any recent requests for codes or money. I’m back in control now — if you got anything odd from me, please delete and report it.'

• This stops the attacker’s momentum and protects others from social-engineering traps where victims are tricked into sharing the 6-digit code.
• Received verification code without requesting it | WhatsApp Help Center

6) If money or data were stolen

• Document everything: screenshots of chats, phone call logs, amounts, bank references, the attacker’s number/profile, and the approximate time of takeover.
• Contact your bank immediately to flag transfers and attempt chargebacks.
• Report to the authorities: In Pakistan, cybercrime investigations are handled by the National Cyber Crime Investigation Agency (NCCIA) — an independent authority as of April 22, 2025. Public contact includes helpline 051-9106691 and helpdesk@nr3c.gov.pk. Visit your nearest NCCIA circle office if needed.

Note: Authorities recently warned about WhatsApp takeover scams circulating via fake messages. Always verify official helplines and announcements.

National Cyber Crime Investigation Agency becomes independent authority

7) What not to do

• Do not forward any “I sent you a code by mistake — please share it” messages. It’s the classic takeover trick.
• Do not keep chatting with the attacker inside WhatsApp — you only confirm you’re reachable.
• Do not delete evidence before you’ve backed it up for your bank/complaint.

8) Optional: template complaint (you can adapt and file with NCCIA)

Subject: WhatsApp Account Compromise [Your Relative’s Full Name] [Phone Number]
Details:

• Date/time of compromise: [dd/mm/yyyy, hh:mm]
• Device/OS: [e.g., Android 14, iPhone iOS 17]
• Attacker’s numbers/handles (if visible): [list]
• Harm: [any money loss/data exposure/impersonation]
• Evidence attached: screenshots, bank references, call logs
• Request: Investigation, preservation requests to Meta/WhatsApp, and assistance in recovery/refunds.

(Attach CNIC copy and contact details as required by the portal/office.)

9) Prevention checklist (do it for the whole family)

• Turn on Two-Step Verification for every WhatsApp account and add a recovery email.
• Educate relatives: no one — not WhatsApp, not a bank, not “your child” — needs your 6-digit code.
• Use Linked Devices sparingly; sign out after using shared computers.
• Treat any urgent money message as suspicious; always call to verify first. (Recent waves of WhatsApp fraud rely on urgency and impersonation.)

Bottom line

Recover the account by re-registering the number, then immediately enable two-step verification and purge linked devices. Warn everyone, collect evidence, and if there’s financial loss, report it and inform your bank. This calm, linear response shuts down the attacker’s access and limits damage — fast.

About lost or stolen phones and accounts | WhatsApp Help Center

Editor’s note: This guide reflects policies and public guidance available as of September 2, 2025. Platform procedures and local reporting channels can change; readers should check the latest official advisories before acting.