TLDR
An attacker starts a WhatsApp registration for YOUR number on the attacker's own device. WhatsApp sends a 6-digit OTP to your phone by SMS. The attacker then DMs you (from a compromised contact) saying 'sorry I sent the code to you by mistake, can you...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- DO: NEVER share your WhatsApp registration code with anyone, even family; enable the WhatsApp two-step PIN (Settings > Account > Two-step verification).
Source
WhatsApp-Security-Advisory
Source reviewed by Mythos Forensic Team
https://faq.whatsapp.com/1131652977717250
FAQ
Is WhatsApp account takeover via OTP social engineering a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
DO: NEVER share your WhatsApp registration code with anyone, even family; enable the WhatsApp two-step PIN (Settings > Account > Two-step verification).
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.