Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

WhatsApp Scam Lets Hackers Hijack Chats

September 4, 2025
Reading Time: 3 mins read
in Alerts
WhatsApp Scam Lets Hackers Hijack Chats

The attack begins with a seemingly innocent message from a friend’s number that says, “Hi, I accidentally found your photo!” accompanied by a shortened link. This URL, however, leads to a meticulously crafted, counterfeit Facebook login page that is designed to look identical to the real site. When an unsuspecting user enters their credentials on this fake page, the attacker captures them. These stolen credentials are then used to initiate WhatsApp’s device linking process. This critical step allows the attacker to connect their own device to the victim’s WhatsApp account.

Once the attacker initiates the device linking, WhatsApp sends a QR code or a six-digit code to the victim’s registered device. Because the attacker already has control of the victim’s Facebook session, they can intercept or manipulate the verification process to link the victim’s WhatsApp account to the attacker’s device. This gives the cybercriminal full, remote access to all of the victim’s chats, shared media, contacts, and group memberships. This level of access is highly dangerous, as it allows the attacker to not only read private information but also to impersonate the victim.

After successfully hijacking a WhatsApp account, the cybercriminals can impersonate the victim and message everyone in their contact list. This allows them to distribute more malicious links and potentially harvest credentials from multiple victims in a rapid, chain-reaction style. The attackers can also view and exfiltrate sensitive conversations and media files, join private groups to access confidential discussions, and spread phishing links or malware downloads under the guise of a trusted contact. Furthermore, they can blackmail victims by threatening to release private media or conversations, adding another layer of threat to the scam.

Many users are unaware that the device linking feature can be hijacked through social engineering and credential theft. While this feature was originally designed for convenience, allowing users to access their account on multiple devices like a phone and a desktop, criminals have now repurposed it into a powerful tool for large-scale account takeovers. To protect themselves, users should remain vigilant, verify suspicious messages through other channels, and avoid entering credentials on unverified pages. Implementing two-step verification on WhatsApp and regularly monitoring linked devices are also crucial steps to prevent falling victim to this sophisticated scam.

The most effective way to prevent falling victim to this scam is to be proactive about security. Users should always confirm with the sender of a suspicious message through an alternative channel, such as a direct phone call, before clicking on any links. Additionally, it is vital to carefully check URLs to ensure they are legitimate, looking for the proper domain name and HTTPS security. Enabling WhatsApp’s built-in two-step verification feature adds a critical layer of protection by requiring a PIN to link the account to a new device. Users should also regularly review their linked devices in the settings and immediately unlink any unfamiliar ones to maintain control of their account.

Reference:

  • New WhatsApp Scam Lets Hackers Hijack Chats And Poses A Serious Risk To Users
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecuritySeptember 2025
ADVERTISEMENT

Related Posts

BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025
FBI Issues Warning on Spoofed IC3 Website

FBI Issues Warning on Spoofed IC3 Website

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

Infostealer Hits macOS Users Widely

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

SonicWall Warns Reset After Exposure

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial