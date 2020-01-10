Fraudsters are hijacking Whats App accounts in South Africa and using them to solicit money from people.

The scam relies on first hijacking your phone number – and getting back control of the number is the fastest way to get back control of Whats App.

Here’s what else you can do, including dealing with two-step verification, emailing Whats App – and warning people in your Whats App groups:

If you can’t get your number back fast, email Whats App.

Whats App offers a last-ditch way to deactivate your account via email. Send a mail to support@whatsapp.com, with this exact phrase in the subject and body of the mail: “Lost/Stolen: Please deactivate my account”. Add your phone number in the body of the mail, in the international number format +27 XX XXX XXXX, and remember to drop the first zero in 083 or 082.

Once you have your number back, log in to WhatsApp – and log out web users.

Once you sign in to Whats App, anyone else using your number is logged out automatically, so log in as soon as you are receiving SMS’es again.

But that won’t necessarily stop an attacker from still impersonating you using the Whats App web interface. To prevent that, go to to settings in Whats App, select “Whats App Web”, and click on “Log out from all devices”.

If you are asked for a verification code you didn’t set up, you’ll have to wait a week.

Whats App allows you to create a six-digit PIN number to prevent account hijacking. If you don’t activate that option, an attacker can do so while controlling your account – locking you out.

The bad news is that there is nothing you can do except wait. After a WhatsApp account has been inactive for 7 days it become possible to log in without a verification code. Your hijacker is kicked out before you are asked for that six-digit PIN number, which means neither of you can use the account, and it it will sit idle. A week later you – as the person who gets the SMS’es – will win out.

Let your Whats App groups know they were compromised – and check for new members if you are an admin.

At attacker who hijacks your Whats App account has access to all the groups of which you are a member – and which you administer.

It’s only polite to let people know that their conversations could have been spied on while your account was compromised, even if the discussion isn’t secret or sensitive.

If you administer any groups, check for new members added by “you” while you were being impersonated, or a scammer could keep listening in.

SOURCE: Business Insider SA