Incidents of WhatsApp account takeovers have risen sharply across Pakistan,
prompting **National Emergency Response Team** (National CERT) to issue a
nationwide cybersecurity alert.
In an advisory, National CERT said cybercriminals are increasingly
exploiting tactics such as fake phone calls, phishing links, one-time
passwords (OTPs), and malicious QR codes to gain unauthorised access to
WhatsApp accounts. Both personal and business accounts are considered at
high risk.
The attackers often impersonate WhatsApp support staff, telecom service
providers, or even known contacts to trick users into sharing sensitive
credentials. Once compromised, hijacked accounts are commonly used for
financial fraud, impersonation, and the spread of deceptive messages.
National CERT identified warning signs including unexpected account
logouts, unfamiliar linked devices, and unsolicited OTP messages as
indicators of a potential breach.
Users have been strongly advised not to share verification codes, PINs, or
QR codes under any circumstances. Enabling two-step verification and adding
a recovery email were highlighted as key security measures.
The advisory further stated that users who suspect their accounts have been
compromised should immediately reinstall WhatsApp, verify their phone
number again, and report suspicious activity through official channels.