Incidents of WhatsApp account takeovers have risen sharply across Pakistan, prompting **National Emergency Response Team** (National CERT) to issue a nationwide cybersecurity alert.
In an advisory, National CERT said cybercriminals are increasingly exploiting tactics such as fake phone calls, phishing links, one-time passwords (OTPs), and malicious QR codes to gain unauthorised access to
WhatsApp accounts. Both personal and business accounts are considered at high risk.
The attackers often impersonate WhatsApp support staff, telecom service providers, or even known contacts to trick users into sharing sensitive
credentials. Once compromised, hijacked accounts are commonly used for financial fraud, impersonation, and the spread of deceptive messages.
National CERT identified warning signs including unexpected account logouts, unfamiliar linked devices, and unsolicited OTP messages as
indicators of a potential breach.
Users have been strongly advised not to share verification codes, PINs, or QR codes under any circumstances. Enabling two-step verification and adding a recovery email were highlighted as key security measures.
The advisory further stated that users who suspect their accounts have been compromised should immediately reinstall WhatsApp, verify their phone
number again, and report suspicious activity through official channels.