Pakistan’s National Cyber Emergency Response Team (National CERT) has issued a nationwide alert warning of a sharp increase in WhatsApp account hijackings targeting users across all age groups and regions. The advisory described the attacks as active, widespread, and highly severe.
The advisory explained that attackers rely on social engineering techniques rather than exploiting WhatsApp’s software vulnerabilities. Hackers trick users into sharing one-time passcodes, manipulating call-forwarding, sending phishing links, and using malicious QR codes to compromise accounts.
Read more : WhatsApp users at risk: PTA issues urgent cyber fraud alert
Once hijacked, accounts can be used to impersonate victims, defraud contacts, access private messages, and spread harmful content. National CERT highlighted that organisations using WhatsApp for business communications are also at risk of data exposure and fraud.
All versions of WhatsApp are vulnerable, including Android, iOS, Web, Desktop, and WhatsApp Business. The advisory stressed that accounts without two-step verification are particularly at risk, and that user interaction, like sharing codes, usually enables hijacking.
Read more : WhatsApp business gets smarter with AI and voice calling
To prevent attacks, National CERT urged users to enable two-step verification, regularly check linked devices, avoid sharing verification codes or PINs, and remain cautious of unsolicited messages requesting money or sensitive information.
For compromised accounts, the advisory outlined recovery steps including reinstalling WhatsApp, re-verifying phone numbers, and resetting security settings. Users may face a seven-day lockout if attackers enable two-step verification without a recovery email, during which messages cannot be accessed.