Hackers have found a new method to hijack WhatsApp accounts. They take over the account via voicemail and use your WhatsApp number on their own telephone. Fortunately, you can secure an account against this with a few simple steps.

In 2019, more than a million euros in damage was reported by WhatsApp fraud, according to figures on Tuesday that NU.nl has requested from the Fraud Help Desk. One of the methods that scammers use is to hijack phone numbers that are associated with a WhatsApp account.

This is done as follows: to start using a WhatsApp account, the company must confirm the telephone number. For this WhatsApp usually sends a code via sms, but you can also have this code sent to your voicemail. Due to poorly secured inboxes, for example with the PIN code 0000, hackers can retrieve this code and hijack your WhatsApp account. The following two ways prevent you from becoming a victim,

Secure your WhatsApp account with an extra code

You can protect your WhatsApp account by means of so-called two-step verification. Your account uses a unique code, which you must enter every so often to confirm that you are the rightful owner. With that you can also keep out malicious parties.

When you (or someone else) log in to your WhatsApp account on a smartphone, the second pin code, which is linked to an e-mail address, must be entered. This way hackers cannot get into your account, even if they fish the verification code from your voicemail.

This is how you set up two-step verification on WhatsApp

  • Open WhatsApp on an iPhone or Android smartphone
  • Go to 'Settings' and choose 'Account'
  • Go to "Enable two-step verification" and set the code

The next time you want to log in to WhatsApp you have to enter this six-digit pin code and you are logged in for seven days. Every few days WhatsApp asks you to re-enter the code. If you forget the pin code, you can set a new code via the specified e-mail address.

But the most important thing is that this pin code is always requested when you log into WhatsApp on a new device, because that is exactly what the hackers are trying to do. Without access to the pin code or your e-mail address, this will be impossible.

See also: What is two-step verification and what should I do with it?

Do not use 0000 to listen to your voicemail

Secondly, you can better protect your voicemail by setting a good security code. Many people do not set a unique security code for their voicemail, so that hackers with a standard code such as 0000 or 1234 can easily log in.

Setting a security code for your voicemail works differently with the different providers. We list how you do this for the major providers.

For example, you set a security code for your voicemail at the major providers

  • KPN: Call 1233 and press 2 for settings and option 1 to change the access code.
  • T-Mobile: Call 1233 and choose 9 for mailbox settings. Then press 2 for settings and again 2 for password. Enter a new code.
  • Tele2: Call 1233 and choose 4 in the main menu. You can then replace the standard pin code with your own unique code.
  • Vodafone: Call 1233 and press 11 for the main menu. Then choose 2 for personal settings and then 3 for setting a pin code.

Is your provider not listed? Then have a look on the website of the provider how you can protect your voicemail with a pin code or contact customer service.

Why do hackers want to hijack your WhatsApp account?

A WhatsApp account is not worth any money. Scammers can use your account to scam others. For example, by approaching a friend of the hacked account to quickly transfer money for a so-called emergency. That way they can scam others under your name.

See also: The most used tricks for scams via WhatsApp