Get your hacked WhatsApp account back

South Africans who have had their WhatsApp taken over by a hacker or other malicious party can regain control over their account relatively easily and quickly.
A MyBroadband reader recently had their WhatsApp account hijacked after falling for a phishing attack.
The victim had received a message from a known and trusted contact on WhatsApp asking them to share a 6-digit code they received by SMS.
The known contact claimed they had accidentally sent the code to them and asked that the reader send it back to them.
The reader found the message slightly suspicious, but because it was written naturally and in their home language, they shared the code.
Soon thereafter, the reader was kicked out of their WhatsApp account.
It turned out that the victim’s known contact had their WhatsApp account compromised and that hackers were at the other end of the known contact’s chat.
After also taking over the reader’s account, the hackers started spamming the victim’s groups with explicit images and labelled all groups where they were admin as “Hack group virus attack”.
In addition, they removed all members of the groups and asked that other groups’ admins make them an admin as well.
Fortunately, the victim’s cellphone number was not compromised in a SIM swap, so they could regain access to their account by re-registering their device and requesting that the 6-digit code be sent to their phone number.
However, when attempting to generate the code, the victim received a message that there had been too many “guesses” of the code.
That is despite the fact that they had not tried to guess the code at any point.
WhatsApp implements this measure to prevent attackers from taking over an account by generating random 6-digit codes and injecting them into the app until they guess correctly.
The hackers likely deliberately sent multiple code requests for the same number to block the victim from regaining control of their account.
Contacting WhatsApp support
Although the victim waited several days, WhatsApp kept presenting them with this error.
Fortunately, the window included an option to contact WhatsApp support directly and explain the issue.
After tapping the “Contact support” button, the victim provided the following description of their problem:
“Good day. I am trying to reverify my number after a phishing attack took over my account. I still have access to the number linked to my account, it was not SIM swapped. However, every time I try to request the code, I get an error that I guessed too many times. The 6-digit code is never sent to my phone number. Please help.”
They also had the option to include a screenshot with the description of the issue.
WhatsApp read the description of their issue and then gave a list of potential explanations that could provide
Because none of these explanations addressed the “too many guesses” problem, the user tapped the “This doesn’t answer my question” button.
At one point in the support procedure, the app randomly brought up the option to open another app without explanation.
After a quick Google search, they figured out that WhatsApp needed them to send the description and screenshot via an email app.
Within minutes, they received the 6-digit code via SMS and could again use their WhatsApp account.
7-day PIN delay
Another issue to be aware of is that hackers might activate and create a PIN on the account while it is compromised.
WhatsApp mitigates against this by allowing a new device registration without a PIN every seven days, as long as the user still has control of the phone number.
In addition, it recently added the ability to add an email address as a backup verification method in case the user forgets their PIN.
If the user has not set up this option, they will have to wait seven days before they can regain access to their account.
Below are useful tips for avoiding getting locked out of your WhatsApp account and urgent steps you should follow if it is taken over:
- Do not share verification codes received via SMS or email with other contacts, even those you are familiar with.
- Immediately notify contacts if your account is taken over by sending a mass SMS from the same number informing them to be wary of any messages received on WhatsApp from you.
- Create a complex but memorable PIN as an additional registration barrier.
- Set up email verification as a backup method for logging in, in case you forget your PIN.
- If your number was compromised in a SIM swap, contact your mobile network quickly and request that the number be blocked before getting a new SIM card and registering your device.