WhatsApp accounts are a popular target, not only for jealous spouses and nosy coworkers but also for cybercriminals.
Stolen WhatsApp accounts are frequently used for various criminal activities, including spam distribution, scams, and other illicit schemes. Cybercriminals are constantly seeking WhatsApp accounts and use various methods to gain unauthorised access.
How cybercriminals can gain control of your account
Cybercriminals can take control of a WhatsApp account in two ways: by adding another device to the existing account using the “Linked devices” feature, or by re-registering the account on their own device, as though the user had bought a new phone.
In the first case, the user can continue using WhatsApp normally, but the criminals also have access to all recent conversations.
In the second case, the user loses access to their personal account. When attempting to log in, WhatsApp notifies them that the account is already in use on another device. The attackers can then control the account but won’t have access to past conversations.
Protecting your privacy
“Messengers are a private space, often containing personal details about our lives, relationships, work, and sometimes confidential information. If you notice unusual activity, such as replies to messages you didn’t send or your friends complain about strange messages coming from your account, it’s important to take immediate action to protect your privacy,” says Seifallah Jedidi, Head of Consumer Channel at META, Kaspersky.
While instructions are available on what to do if your WhatsApp account is compromised, here are the key steps to prevent your account from being hacked:
- Enable two-step verification and memorize your PIN — it’s not a one-time code.
• Go to Settings → Account → Two-step verification.
- Never share your PIN or one-time registration codes with anyone. Only scammers will ask for these details.
- Enable passkeys for additional security. If activated (Settings → Account → Passkeys), you’ll use biometric authentication to log in, and your smartphone will store a cryptographic key instead of relying on PIN codes. This option is highly secure but may not be ideal if you frequently change devices or switch between Android and iOS.
- Set up a backup email address for account recovery: Settings → Account → Email address.
- If you’ve already added an email address, log in and change your email password to something strong and unique. Use a password manager, like Kaspersky Password Manager, to store it securely.
- Enable two-factor authentication for your email account.
- Avoid falling victim to a SIM swap scam:
• Contact your mobile carrier — preferably in person — and verify that no duplicate SIM cards have been issued for your number. Also, ensure there’s no unauthorized call forwarding set up on your account. Cancel any suspicious changes and inquire about additional security measures for your SIM card. These may include requiring your presence for SIM-related actions, adding extra authentication passwords, or other security options. These measures vary by country and mobile carrier.
Any security features within WhatsApp will be ineffective if your smartphone or computer is infected with malware. Therefore, install comprehensive protection on all your devices.