Hacked Friend Impersonation Scams on WhatsApp
Fraudsters who take over a WhatsApp account send urgent money or verification requests to every contact, exploiting the trusted phone-number identity system to maximise the chance that recipients comply.
Part of: Hacked Friend Impersonation Scams
Last reviewed: 1 June 2026
WhatsApp account takeover makes impersonation especially convincing because messages arrive from the victim's actual phone number — the identifier most people associate with their friend's identity. The absence of a username or display name to cross-check means recipients have fewer signals available to detect the fraud.
WhatsApp impersonation scams often propagate in waves: once an account is compromised, the attacker extracts the contact list and targets each contact in turn, gathering verification codes that allow them to take over further accounts and expand the operation.
How this scam works on WhatsApp
After gaining control of a WhatsApp account, the attacker sends a message to each contact explaining a fabricated emergency — an unexpected bill, a lost wallet, a medical cost — and requesting an immediate bank transfer or gift card purchase. The message uses the tone and phrasing common to the genuine owner to be more convincing.
In the verification code variant, the attacker messages a contact saying they accidentally entered the contact's phone number during a registration attempt and asking them to forward the six-digit code that just arrived by SMS. This code is actually the one-time password for the contact's own WhatsApp account. Forwarding it grants the attacker access to a second account.
Group chat variants have the attacker post an emergency message to every group the compromised account belongs to, dramatically expanding the audience and creating social pressure through group dynamics — other members may encourage compliance or even corroborate the 'emergency' without verifying the source.
Common red flags
- WhatsApp message from a known contact with an uncharacteristic urgent request for money
- Contact asking you to forward a six-digit code they claim arrived at your number 'by mistake'
- Message explaining why the contact cannot call or use other channels to resolve the emergency
- Slightly different writing style, punctuation patterns, or vocabulary compared to the real contact
- Group message from a contact describing an emergency that no one in the group can independently verify
- Request to send money via a platform or method the contact would not normally use
How to protect yourself
- Call the contact directly using their saved number before responding to any WhatsApp money request
- Enable WhatsApp two-step verification in Settings > Account > Two-step verification to prevent your own account from being taken over
- Never forward a six-digit SMS code to anyone, regardless of the explanation given
- If you receive a forwarded code request in a group, alert the group immediately that the account may be compromised
- Set your WhatsApp profile photo to 'My contacts only' to limit its use in impersonation
- Report and block the compromised number to WhatsApp after verifying with the real contact through another channel
How to report it
- Report the offending WhatsApp number through the in-app 'Report' function in the chat settings
- Notify the genuine account owner through an alternative channel so they can begin recovery at WhatsApp
- Report financial fraud to your bank immediately and to your national fraud authority
Frequently asked questions
What should I do if my own WhatsApp account is taken over?
Re-register your number in WhatsApp immediately — you will receive a new six-digit SMS registration code. Once you re-register, the attacker is automatically logged out. Then enable two-step verification and notify your contacts that your account was compromised so they can disregard any messages sent during the takeover.