WhatsApp OTP Hijack Scam: Hackers Pretend to Be Your Friends and Ask for OTP to Steal Your Account – Know How to Stay Safe
A new scam is making the rounds on WhatsApp, where users are tricked into sharing OTP (One-Time Password) codes, allowing cybercriminals to hijack their accounts.
What’s Happening?
Scammers gain access to a user’s WhatsApp account and then send messages to their contacts, pretending to be them. These messages typically say: “Hey, I mistakenly received an OTP meant for you. Can you share it with me?” Since the request appears to come from a trusted contact, many users fall for it.
Once the OTP is shared, the attacker uses it to log the victim out of their own WhatsApp account and takes full control. This includes access to messages, contacts, media, and files. The scam then continues with the victim’s contacts.
How the Scam Works:
- A user receives a message from a known contact asking for an OTP.
- Thinking it’s harmless, the user shares the code.
- The scammer uses the OTP to access and hijack the account.
- The process repeats with more contacts from the hacked account.
Why Is This Dangerous?
Many users don’t realize that their contact’s account is already compromised. By the time the scam is noticed and reported to Meta or authorities, the scammer may have targeted many others.
How to Stay Safe:
- Never share OTPs with anyone—even trusted friends or family.
- Ignore messages asking for verification codes, especially if they seem unusual.
- Let OTPs expire instead of responding if you’re unsure of their source.
- Report suspicious messages to WhatsApp and contact your friend directly to confirm if they sent it.
- Avoid clicking on unknown links or downloading media from unfamiliar messages.
Always remember: OTPs are meant for you alone. Sharing them—even once—can put your account at risk.
