How can I check my WhatsApp account?

WhatsApp account stolen: what's really behind it?

Theft protection: Safety instructions from WhatsApp
Image: WhatsApp In recent weeks, users on Twitter and Reddit have apparently reported the loss of their WhatsApp accounts, which are said to have been "stolen by hackers". The magazine WABetaInfo reports on this.

The question arises: Can this really happen? The answer is yes, because some WhatsApp users may not be aware of the importance of the six-digit verification code.

Request to forward the SMS verification code

WABetaInfo and WhatsApp itself explain on a service page that every WhatsApp user needs an active SIM card to log into their WhatsApp account, on which one can receive SMS or calls so that WhatsApp can send a confirmation code, which can also be used as a six-digit code is designated. This six-digit code is like a password - it is secret and must not be passed on under any circumstances.

But apparently it always succeeds in taking over WhatsApp accounts via this six-digit code, so that the hacker can then impersonate the hacked person, for example in group chats. It works like this: First, the hackers send a message with a text like this: "Hey! I need to get an SMS code from WhatsApp, but my phone is currently unable to receive SMS. So I gave your phone number: Can you tell me the code that you received via SMS?" If this message comes from a previously hacked account of a friend or relative you really know, you might think it was a safe favor. If you then pass on the SMS code, you have to expect that your own account will also be taken over. This works especially when the hackers can gradually take over all accounts of a group via the scam, because every member falls for the fraud. Theft protection: Safety instructions from WhatsApp
Image: WhatsApp

Other stitches to get the verification code

Some of the fake accounts are created with virtual telephone numbers that are actually not authorized to use WhatsApp. In this case, too, the hackers come up with a false story in order to convince inexperienced users to pass on their six-digit code. The sent message then looks like this, for example: "Your WhatsApp account will expire in 2 days. You need to renew it by sending the code we sent via SMS." Or: "The WhatsApp team needs to know if you are really human: Send the six-digit code that you just received via SMS in this chat." A message like this would also be conceivable: "[WHATSAPP]: We detected unusual activity on your account. Please confirm your identity with the verification code."

But you have to know that no one will ever ask for the six-digit code in WhatsApp channels, not even WhatsApp. The code is like a password, and passwords must not be given away. The messenger service also recommends using only official WhatsApp builds from the App Store, TestFlight, the Google Play Store or the official WhatsApp website. Unauthorized WhatsApp versions can compromise privacy and security.

What to do with a stolen WhatsApp account

Anyone who suspects that another user is using the WhatsApp account should notify family and friends in a different way, as the hacker can impersonate the person with the taken over account in chats and groups.

To take over your own account again, you have to log into WhatsApp with your own telephone number and verify the telephone number by entering the six-digit code that you received via SMS. As soon as you have entered the six-digit SMS code, the hacker who is illegally using the account will be automatically logged out.

Another problem can arise here: The hacker who is using their own account may have activated two-step verification. Then you are usually asked to enter the code for the verification in two steps - but you do not know this code. In this case, you have to wait seven days to log in without the code for two-step verification. Because even if you don't know this verification code, the other person will be logged out of the account and you can then take it over after a week.

Two-factor authentication (2FA) is an additional security tool to protect accounts from unauthorized access. We took a look at the 2FA using a few examples and show how to activate it.