Received a WhatsApp verification code without requesting it? Beware – you might be about to have your account stolen

Receiving a WhatsApp verification code you didn’t request is a major red flag. It often means someone is trying to access your account using your phone number. Understanding this scam early can help you stop an account takeover before it happens.

Key Takeaways

• An unsolicited WhatsApp verification code usually signals an attack attempt. Scammers trigger a legitimate login code by entering your number into WhatsApp’s login system.
• The real danger comes from social engineering. Attackers often pose as friends or contacts and trick you into sharing the code, claiming it was sent “by mistake.”
• Sharing the code gives full account access. Once obtained, scammers can lock you out, impersonate you, and target your contacts for further scams.
• Prevention is simple but critical: never share verification codes. These codes are meant only for you—no legitimate person or company will ever ask for them.

Police in the UK are warning WhatsApp users of a surge they have seen in attempts made by fraudsters to steal accounts.

In a tweet posted by Southwark Police in South London, for instance, officers warn that scammers are stealing accounts by tricking WhatsApp users to share verification codes they are sent via SMS.

The scam works like this. Whenever someone tries to register a WhatsApp account on a mobile phone they give WhatsApp a phone number. WhatsApp sends an SMS verification code to the mobile phone number they have been given, to verify that the number is active and that the user trying to register the account really owns the number.

However, a fraudster might contact a WhatsApp user – perhaps pretending to be WhatsApp customer support – and ask them to forward the six-digit verification code that has just been- or is about to be – received on the mobile phone.

Of course, you haven’t requested a verification code. Instead, a scammer has entered your phone number and requested a registration code – in an attempt to hijack your account.

On its website, WhatsApp warns that keeping your verification code secret is an essential part of securing your account:

You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.

Of course, if someone does manage to seize control of your WhatsApp account they will then be able to see any future messages you receive, and pretend to be you.

WhatsApp says that for this reason you should never share your verification code with anyone, even if they are friends or family.

“If you suspect someone else is using your WhatsApp account, you should notify family and friends as this individual could impersonate you in chats and groups. Please note, WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can’t read your past conversations.”

For a higher level of security on WhatsApp, you are advised to not only never share your six-digital registration code, but also enable two-step verification, restrict who can view your profile photo, and be cautious about transferring money with contacts unless you have confirmed their identity.

WhatsApp offers further advice on how to recover your account if it has been stolen from you, and recommends that you log out of all computers from your phone if you still believe someone might be using your account via WhatsApp Web/Desktop.

Frequently asked questions (FAQ)

Why did I randomly get a WhatsApp verification code?

You likely received a WhatsApp verification code because someone entered your phone number while trying to register or access a WhatsApp account. This is often part of a scam attempt. If you didn’t request it, do not share the code with anyone; doing so could allow attackers to take over your account.

Can a hacked WhatsApp account be recovered without verification?

No, recovering a hacked WhatsApp account typically requires verification using a new 6-digit code sent to your phone number. This step confirms ownership. If you’ve been locked out, reinstall WhatsApp and request a new code as soon as possible to regain control.

Why am I receiving a 6 digit WhatsApp code?

The 6-digit WhatsApp code is a login or registration verification code sent when someone tries to access an account using your phone number. If you didn’t initiate the request, it may indicate an attempted account takeover. Never share this code with anyone.