Many people noticed that they were receiving SMS with a code and that someone is trying to activate your WhatsApp on a different device. You don’t share the code but still, they will be able to hack your account! How can they do it?
This is how it works: You're sleeping. A "hacker" tries to log in to your account via WhatsApp. You get a text message with a pin code that says: "Do not share this code with anyone". You don't share it, yet you still get hacked.
The attacker clicks on the option that the SMS didn't arrive and asks for verification by phone. WhatsApp calls you. You're sleeping. It goes to Voicemail (in case it was activated). The voicemail stores the automated voice with the pin code that the attackers are trying to obtain.
Next, the attackers check your voicemail simply by trying the default pin code which is the last four digits of your cellphone number in many carriers, or it could be 0000 or 1234. Then they can log in to YOUR WhatsApp.
After logging in, they set up a 2FA pin code on your WhatsApp to prevent you from logging back in. WhatsApp account recovery process takes several days - during this time they ask for $ from your contacts or spread malware.
How to avoid this WhatsApp account takeover?
1. Make sure that your voicemail pin code is not the default Pincode or Disable your voicemail
2. Setup 2FA pin code on your WhatsApp
To activate Whatsapp two steps verification:
Go to Settings -> Account-> Two Steps Verification
To disable your voice mail… Please contact your phone line provider or double check your services from the mobile application related to the company (for example: in Lebanon, you can check your services in Touch or Alfa App)