Pakistan National Cyber Emergency Response Team (National CERT) has issued a nationwide advisory warning citizens about a sharp increase in WhatsApp hacking incidents across the country. The alert highlights that cybercriminals are actively targeting WhatsApp users using scams and deceptive methods.
How Hackers Are Operating ?
According to the advisory, attackers are using social engineering techniques including fake promotional links, impersonation of courier services or acquaintances, and requests for one‑time passwords to trick people into giving away verification codes and sensitive information. Once this data is shared, hackers can gain unauthorized access and take control of the account.
Fraudulent Tactics Explained
Many recent cases involve scammers posing as trusted contacts or official entities. They either send fake messages or call victims, claiming urgent situations that require the victim to share the OTP (one‑time password). After gaining access, fraudsters then use the hijacked account to deceive the victim’s contacts, often asking for money or spreading malicious links.
Risks of Account Hijacking
National CERT warns that successful WhatsApp account takeovers can lead to identity theft, financial losses, privacy violations, and reputational damage. Compromised accounts may be used to defraud family and friends, distribute phishing content, or spread false information.
Security Measures for Users
The advisory strongly urges users to take protective steps: enable two‑step verification on WhatsApp, avoid sharing any OTPs or personal codes with callers or messages, and never click on suspicious links. Verifying any unusual financial requests by directly calling the person first is also recommended.
Public Awareness Is Key
Cybersecurity experts emphasize that awareness and caution are crucial to prevent such scams. Authorities and technology professionals are urging users especially the elderly and less tech‑savvy individuals to understand how these fraud tactics work and how quickly attackers can exploit a shared code to take over an account.
