In recent months, a particularly insidious tactic has become more widespread, where WhatsApp accounts are stolen without the victim having to touch anything. The gateway isn't a link or a download, but the voicemail, a service that many users keep active and poorly protected.
Official alerts indicate that this fraud is based on two elements: the legitimate verification process of the app and the weak mailbox configurationUnderstanding how both pieces fit together is key to reacting quickly and, above all, preventing it from happening to you.
The case that set off alarm bells: calls from abroad and a neglected mailbox
At the end of February 2025, INCIBE's 017 Your Help in Cybersecurity assisted an adult woman explaining how she your WhatsApp account is stolen. Before losing control, he received two calls from numbers in Germany and England that he didn't answer. Shortly after, he found an automated message in his voicemail with a WhatsApp verification code, in addition to another missed call recorded in the same mailbox from a third foreign number.
The victim suspected that her number might have come from the address book of a friend who had been attacked the day before using the same method. This detail fits with what experts observed: the criminals take advantage of contact lists of already compromised accounts to expand their scope of action.
How does voicemail fraud work step by step, where they steal your WhatsApp account?
The attacker tries to register your number on another device. The app, as part of its security, sends a six digit code by SMS or through an automated call. If you don't answer the phone, the voice-over leaves the code in your voicemail.
The next step is to access that mailbox. Many users keep the default PIN, often something as trivial as 0000 or 1234. With that error, the scammers dial the victim's number or gain access via the Internet. remote mailbox access provided by the operators and listen to the message with the code. With the code in their possession, they register the account on their terminal and expel you.
The attack is especially dangerous because it doesn't require any clicks, installs, or active sharing. combination of poorly protected mailbox and call verification facilitates a silent and very quick takeover.
What do criminals do when they steal and control your WhatsApp?
Once inside, they impersonate you in your chats and groups. It is common for them to ask money urgently, share malicious links, or try to extract more personal information. The app itself logs you out when it detects a login on another device, which can be the first sign that something is wrong.
In parallel, they review conversations, photos or videos that they can use to blackmail or chain fraud. That's why reaction speed is crucial to limiting damage.
The classic scam that still works: I sent you a code
Along with the voicemail scam, the direct trick of requesting the code via text message is still very popular. A typical text says that a six digit code and they ask you to resend it urgently. Providing that number is equivalent to handing over the key to your account, so don't share this code. with no one under no circumstance.
Signs that your account may have been compromised
There are several clues. The most obvious is that you can't get in and the app warns you that your number has been registered on another deviceYour contacts can also alert you when they receive strange requests or links from your profile. Any activity you don't recognize, such as messages sent without your intervention, should be make you act immediately.
What to do if your WhatsApp account has been stolen?
The first step recommended by the application itself is to try register your number again as soon as possible. By entering the new verification code, the intruder's session will be closed on their device, giving you back control if nothing prevents it.
It may happen that the attacker activates two-step verification. In that scenario, you may need to wait up to seven days to log in without a 2FA PIN. During this period, you won't be able to immediately regain access, so it's a good idea to take parallel measures to minimize the impact.
If you lost your cell phone, call your operator to lock SIM. Also, from any trusted computer, check if there is open sessions on WhatsApp Web or Desktop and close any you don't recognize. This additional access control reduces surfaces of attack.
INCIBE's guidelines for managing the incident
Since INCIBE's 017, several coordinated actions have been recommended. It starts with notify your contacts so they don't fall for further scams in your name. This step stops the spread of fraud in your immediate networks.
Contact official support at support@whatsapp.com explaining what happened and requesting assistance. If you don't receive help this way, the next step is data protection delegate of the company, which must respond within reasonable timeframes.
If after a month there is no solution or the response is insufficient, you can file a complaint with the Spanish Agency for Data ProtectionThis procedure seeks to restore your right to protection and adequate attention to your case.
Gather all the tests available: screenshots of messages, emails, call logs, and any evidence of impersonation or fraud. With that documentation, submit a complaint to the State Security Forces and Corps, recording the identity theft and the possible harm to third parties.
Don't play games blackmailsIf you are contacted demanding payment in exchange for returning your account, cut off communication and report the attempt. Finally, check the setting up your voicemail and change the default PIN immediately.
Remember that INCIBE's Cybersecurity Helpline, 017, is open every day between 08:00 a.m. and 23:00 p.m. This public resource offers guidance technical and legal for individuals and businesses.
Harden your security: key settings you should activate
Activate the two step verification within the app. You'll find the option in Settings, Account, and Two-Step Verification. With an additional PIN, if someone obtains the six-digit code, they still won't be able to register your account on another device.
Set up a Strong PIN on your voicemail or deactivate it if you don't use it. Avoid predictable combinations and stay away from the classic 0000 or 1234. Consult with your carrier on how to change the code and how to disable remote access if you don't need it.
Do not share the Verification code Under no circumstances should you ask for it. Neither friends, family, nor self-proclaimed technicians should ask for it. If you receive a suspicious message, verify it by calling the person before taking action.
Strengthen your basic privacy: limit the visibility of your profile picture to My Contacts, check who can see your information and apply common sense when faced with unexpected messages requesting money or urgent information.
Protect your voicemail well: the weak link in the attack
The voicemail is the target for a reason: if the verification call goes unanswered, the voicemail leaves the code recorded. To close that gap, create a Long, non-sequential PIN, avoid dates or repetitions and change the password periodically.
Ask your operator how disable remote access to your inbox, so that it can only be accessed from your own phone and after entering your PIN. If you don't use your inbox, consider disabling it. Delete what you don't need. reduces risks In a direct way.
Operational details that often reveal fraud
Initial calls usually come from foreign numbers or strange numbers. The goal is to get you to not answer so the system can route the message to your voicemail. Sometimes, you'll also see missed calls logged in your voicemail.
It is not uncommon for the attacker to get your number because he was in the contact list from someone close to you who has already been attacked. After taking control of your account, they'll try to quickly monetize it and leverage your reputation to spread the fraud.
Good practices for containment and communication
In addition to informing your agenda, it is a good idea to post a short notice on your usual channels communication if you have them, explaining that your WhatsApp has been impersonated and that they should not respond to requests for money or open recent links.
In the professional field, if you manage corporate accounts, document the incident and notify the safety equipment or to the data protection officer. Transparency and speed reduce reputational damage.
What specialized organizations and media say
The National Cybersecurity Institute has issued several alerts explaining this modus operandi and its corrective measures. General and technology media have also described the process, emphasizing that the attack does not require interaction on the part of the victim and the importance of acting quickly to reverse it.
A short note on the quality of online information
Some portals include rating forms so that readers can indicate whether they found the content useful. These surveys sometimes allow you to mark several options, such as Designer, Navigation within the site, Clarity and accuracy of information, Organization of the contents o Language usedThese tools help improve the presentation and comprehensibility of security guides, which is essential when it comes to prevent fraud.
If your WhatsApp account is stolen via voicemail, it's because you don't yet have adequate security, either by using a strong PIN or by deactivating the service. It's important to add two-step verification and be wary of emergencies and six-digit codes. If you've already been affected, register your number againCoordinate with support and your carrier, document everything, report it, and stop any extortion attempts. With these measures and a quick response, criminals' room for maneuver is drastically reduced. Share the tutorial and help other users improve their WhatsApp security..
