A new, sophisticated scam allows criminals to completely take over WhatsApp accounts – with nothing more than a phone call. International security authorities are currently issuing urgent warnings about the method known as “covert call diversion”. It combines clever manipulation with hidden cell phone functions.
The attackers pose as parcel deliverers or service providers. They use a pretext to get their victim to enter a special key combination into the dial pad. What seems harmless activates forwarding of all calls to a scammer’s number.
The decisive step follows immediately: The criminals start the WhatsApp registration on their device with the victim’s number. They have the verification code delivered by phone call. Since all calls are redirected, the code goes directly to them – the account takeover is complete.
Global warnings and the consequences
The Indian Cyber Crime Coordination Centre (I4C) reports a significant increase in such cases. The method works worldwide because the GSM codes used are an international mobile communications standard.
Once the account has been hijacked, the perpetrators misuse the victim’s identity. They contact friends and family to ask for money or spread the scam. Afterwards they often activate two-factor authentication (2FA) with their own PIN. This permanently locks out the actual account owner.
Social engineering as the weakest link
The attack does not target a WhatsApp vulnerability. Instead, it exploits users’ ignorance about mobile phone functions. It is pure social engineering: Perpetrators create pressure or authority to eliminate critical thinking.
Compared to phishing links, a personal call appears more credible and bypasses technical filters. Experts emphasize: Protection here lies primarily in educating the users themselves.
This is how you protect yourself effectively
The good news: Simple measures offer effective protection.
- Enable two-factor authentication (2FA) in WhatsApp. Set a personal, six-digit PIN. Without it, every new registration fails – even with an intercepted verification code.
- Never enter codes at the direction of someone you do not know. No matter who is pressuring you on the phone: Do not type strings like `**21*` or `**67*`.
- Disable suspicious redirects. With the code `##002#` and a call, you reset all call diversions.
- Remain suspicious. A healthy suspicion of unsolicited calls with an air of urgency is the best protection.
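
To make the codes in the list above easier to recognise, here is an added example (not part of the original article) that classifies a dial-pad string by the 3GPP MMI scheme and reports whether it would switch a call diversion on. The function name `check_dial_string`, the sample inputs and the extra service codes 61, 62 and 004 are not from the article; the codes are taken from the standard.

```python
import re

# Call-forwarding service codes from the 3GPP MMI scheme (TS 22.030).
# 21, 67 and 002 appear in the article; 61, 62 and 004 are added from the standard.
FORWARDING_SERVICES = {
    "21": "all calls (unconditional)",
    "67": "when busy",
    "61": "when unanswered",
    "62": "when unreachable",
    "002": "all forwarding types",
    "004": "all conditional forwarding",
}
# The leading symbols select what is done to the service.
OPERATIONS = {"**": "register", "*": "activate", "#": "deactivate",
              "##": "erase", "*#": "query"}
# prefix, service code, optional *parameters, optional closing '#'
# (the closing '#' is optional so a partially typed string is still caught).
MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})((?:\*[+\d]*)*)#?$")


def check_dial_string(dialed):
    """Return a finding dict if `dialed` touches call forwarding, else None."""
    compact = re.sub(r"[\s\-()]", "", dialed)
    match = MMI.match(compact)
    if not match or match.group(2) not in FORWARDING_SERVICES:
        return None  # ordinary number or unrelated service code
    operation = OPERATIONS[match.group(1)]
    params = [p for p in match.group(3).split("*") if p]
    return {
        "operation": operation,
        "service": FORWARDING_SERVICES[match.group(2)],
        "target": params[0] if params else None,
        # Only register/activate turn a diversion on.
        "redirects_calls": operation in ("register", "activate"),
    }


if __name__ == "__main__":
    # Constructed sample inputs; the phone numbers are fictional.
    for sample in ["**21*+15550100#", "**67*", "##002#", "*#21#", "+49 151 1234567"]:
        print(f"{sample!r:22} -> {check_dial_string(sample)}")
```

A string that returns `redirects_calls: True` is one a caller should never be allowed to dictate; `##002#` is reported as `erase`, which is the reset the list recommends.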
