Scam Message Checker

What to do if your WhatsApp was hacked

WhatsApp takeovers usually happen when a verification code is shared. Re-registering removes the attacker.

Quick answer

WhatsApp takeovers usually happen when a verification code is shared. Re-registering removes the attacker.

  • Re-register WhatsApp with your number to log the attacker out
  • Enable two-step verification with a PIN
  • Warn contacts not to act on recent messages
  • Check linked devices and remove unknown ones
Most urgent

Do this now

  1. Re-register WhatsApp with the SMS code to kick out the attacker.
  2. Turn on two-step verification (a PIN) in settings.
  3. Warn contacts not to act on messages from your account.

Understanding what happened

Losing WhatsApp usually means someone tricked you into sharing your 6-digit registration code, letting them register your number on their phone. The good news is that re-registering with a fresh code kicks them off immediately, because the account can only live on one device at a time.

Takeovers spread person to person: once in, the attacker messages your contacts pretending to be you, often asking for money or for their codes too. That's why warning your contacts quickly matters - the scam's whole value is impersonating someone people trust.

The lasting fix is turning on two-step verification, a PIN that's required to register your number again. With it on, a stolen code alone isn't enough, which closes the exact hole that let them in. Check 'linked devices' too, and remove anything you don't recognise.

If money was requested from your contacts, treat it as a wider incident: tell anyone who may have paid to contact their bank, and report the takeover. Recovering the account is usually quick; undoing messages sent in your name is mostly about fast, honest communication.

First 5 minutes

  1. Re-register WhatsApp with your number to log the attacker out
  2. Enable two-step verification with a PIN
  3. Warn contacts not to act on recent messages
  4. Check linked devices and remove unknown ones

First 24 hours

  1. Review any messages sent in your name
  2. Secure your linked email and SIM
  3. Report the issue to WhatsApp
  4. Watch for repeat attempts

Next 7 days

  1. Check linked devices and remove unknown ones.
  2. Watch for impersonation of you.
  3. Keep 2-step PIN private.

What not to do

  • Do not pay anyone who promises to recover your money for an upfront fee
  • Do not act on follow-up messages claiming to be the fraud team
  • Do not delete evidence before saving it

Evidence to save

  • Screenshots of the message and sender details
  • Phone numbers, usernames, links, and account or wallet addresses
  • Transaction references, receipts, and amounts

How to save scam evidence →

How to report

  1. Gather your evidence first (screenshots, dates, amounts, any reference numbers).
  2. Report to your national fraud/cybercrime body and, if money moved, to your bank.
  3. Find the right official links for your country in the reporting directory.

Find official reporting links for your country in the reporting directory.

  • Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
  • Report quickly if money was sent or ID documents were shared; speed improves your options.
  • Keep your evidence - see how to save scam evidence.

Beware of recovery scams: no legitimate service guarantees getting your money back for an upfront fee.

Stop it happening again

Turn on WhatsApp two-step verification (a PIN) and never share a registration code, even with someone who appears to be a friend.

Check 'linked devices' occasionally and remove any you don't recognise.

Related scam types

Related red flags

Related terms

This is general safety information, not legal, financial, or cybersecurity incident-response advice.

Still have the message?

Check it to understand the red flags and how to report it.

Check a message

Frequently asked questions

How quickly should I act?

As soon as possible. Fast action - especially contacting your bank - gives the best chance of limiting harm or stopping a payment.

Will I get my money back?

Sometimes, if you act quickly, but there is no guarantee. Be very cautious of anyone who promises guaranteed recovery for an upfront fee - that is a recovery scam.

How did they take over my WhatsApp?

Usually by getting you to share the registration code. Re-register with the new code to log them out, then set a two-step verification PIN.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.