WhatsApp Verification Code Scam
Scammers trick victims into sharing login codes to hijack accounts.
Severity: MediumPrevalence: Very CommonLast Updated: 2026-02-10
Channels
Target Audiences
How It Works
The victim receives a WhatsApp message – often from a contact whose account was already hijacked – saying something like "Oops, I accidentally sent a verification code to your number, can you forward it to me?" That code is actually the WhatsApp registration code for the victim's own account. If the victim shares it, the scammer immediately registers WhatsApp on their own device using the victim's phone number, locking the victim out. The scammer then uses the hijacked account to message all of the victim's contacts with similar requests or with pleas for money.
Red Flags
- Requests for verification codes – anyone asking you to share a code sent to your phone is attempting an account takeover.
- Messages claiming "mistakes" – "I accidentally sent my code to your number" is the classic script for this scam.
- Urgent tone – pressure to send the code quickly before it expires.
Protect Yourself
- Never share OTP or verification codes with anyone, for any reason – these codes are only for your own use.
- Enable two-step verification in WhatsApp (Settings > Account > Two-step verification) to add a PIN that scammers won't have.
- Lock WhatsApp with biometric authentication (fingerprint/face ID) for additional security.
Visual Examples
What To Do If You've Been Scammed
- Regain your account via WhatsApp – reinstall WhatsApp, enter your phone number, and request a new verification code. This will log out the scammer.
- Notify your contacts immediately that your account was hijacked and they should ignore any messages sent during that time.
- Secure any linked email account and enable two-step verification to prevent repeat attacks.