• Hithawathi
    • About Us
    • Our supporters
    • Hithawathi TEENS HUB
  • Help Centre

    Caution!

    • COVID-19 Cyber Attacks
    • Cyber security tips
    • Cyber security threats
    • Security Alerts

    Know More

    • Knowledge Base
    • Social Media
    • Parents Guide
    • Children’s Guide
    • How to get help

    Observation

    • Real time cases
    • Videos
    • Newspapers
    • Cyber News & Alerts

  • How to get help
  • News and Events
  • e-Library
    • A Decade of Digital Resilience
    • Monthly Newsletter
    • Cyber Security Booklet
  • Contact
    • FAQ
Are you lost in cyberspace?011-421-6062 help@hithawathi.lk Hithawathi Teens Hub   Cyber security Booklet

 What's right?Donate Now

Please note that Hithawathi services will be limited or delayed on Friday, the 2nd of May 2025 from 2.00pm to 5.00pm. Please kindly bear with us. If you are unable to contact us immediately via phone or instant messaging services, please do send us an email to help@hithawathi.lk or a message via Whatsapp / Viber (+94 77 771 1199) or a message via FB Messenger (https://www.facebook.com/hithawathi). We will get back to you as soon as possible.
We value your feedback
Hithawathi
  • Hithawathi
    • About Us
    • Our supporters
    • Hithawathi TEENS HUB
  • Help Centre

    Caution!

    • COVID-19 Cyber Attacks
    • Cyber security tips
    • Cyber security threats
    • Security Alerts

    Know More

    • Knowledge Base
    • Social Media
    • Parents Guide
    • Children’s Guide
    • How to get help

    Observation

    • Real time cases
    • Videos
    • Newspapers
    • Cyber News & Alerts

  • How to get help
  • News and Events
  • e-Library
    • A Decade of Digital Resilience
    • Monthly Newsletter
    • Cyber Security Booklet
  • Contact
    • FAQ

How to secure your WhatsApp account from social hacking

  • Home
  • Help Centre
  • Social Media
  • Whatsapp
  • How to secure your WhatsApp account from social hacking

Last updated on October 22, 2020

Photo by Thomas Ricker / The Verge

Facebook’s WhatsApp messaging service is incredibly easy to set up, but this easy setup process means that your account is open to abuse if you’re not careful. Thankfully, it’s fairly simple to enable an extra layer of security on your account, which means that you won’t lose it if your six-digit activation code gets compromised.

These security options unfortunately won’t stop you from a serious hack such as the one that hit Amazon CEO Jeff Bezos. What it will do is offer another layer of protection if someone manages to trick you into sharing your security code, which is a process known as “social hacking.”
If you need any convincing about why it’s a good idea to use this extra security, then allow me to share a friend’s recent experience about what can go wrong when you don’t.

Bleary-eyed one Sunday morning, she received a WhatsApp message from a close friend that asked if she could forward over a six-digit code that she was just about to receive via SMS. Without thinking, and because she trusted her friend, she sent over the code and suddenly found herself logged out of her WhatsApp account.

NEVER SHARE YOUR SIX-DIGIT WHATSAPP VERIFICATION CODE WITH ANYONE

You probably realized what happened. That wasn’t just any six-digit code; it was the six-digit code that WhatsApp sends to your mobile number via SMS to associate with your WhatsApp account. In sharing that number, my friend had inadvertently allowed the attacker to log in to her account.

Since her attacker now had control of her account, they were then able to send messages from it to any contacts she was in the same group chat with. That’s how the attacker was able to ask for my friend’s six-digit verification code via another friend’s number; they’d gained control of that account as well and used it to message every contact they could, trying to rope them into the scam.

In theory, having your WhatsApp account taken over should be a fairly easy situation to resolve: just enter your phone number into the app and have it send you another six-digit code. The problem is that hackers can spam your number with a bunch of incorrect six-digit codes so that you get locked out of your account for up to 12 hours. Then, if you hadn’t set up a PIN of your own, this leaves an attacker free to set up one of their own on your account, locking you out for seven days in total.

That’s why it’s so important to remember these two rules:

  1. Never share your six-digit WhatsApp code with anyone — not your parents, not your best friend, and definitely not your sibling. No one will ever have a legitimate reason to ask for the code that WhatsApp sends you over SMS, so don’t even think about sharing it.
  2. Should the worst happen, then setting up a PIN will act as another barrier to stop someone from being able to sign in to your account, and it will stop this nightmare from happening to you.

HOW TO SECURE YOUR WHATSAPP ACCOUNT

Somewhat confusingly, the PIN is also six digits long. In order to set it up:

  • Open WhatsApp and tap the three dots on the top right of the screen
  • Hit “Settings” > “Account” and then pick “Two-step verification”
  • Hit “Enable,” and then pick your six-digit PIN. The gallery of screenshots below will walk you through the whole process.

GRID VIEW

  • This next step isn’t mandatory, but adding an email address will allow you to recover your account if you forget your PIN. WhatsApp will periodically ask you for your PIN while you’re using it so that you don’t easily forget it, but we’d still recommend having a backup.

One more thing: it would be remiss of us if we didn’t mention that, in the past, Facebook (WhatsApp’s parent company) has gotten in trouble for using phone numbers provided for two-factor authentication for ad-targeting. The Federal Trade Commission told the company to stop the practice last year. When we asked WhatsApp, it categorically denied that it does this with its backup email addresses, and we think the benefits of providing an email address outweigh the risks.

Source : https://www.theverge.com/2020/1/23/21068815/whatsapp-two-factor-authentication-how-to-security-privacy-hacking-pin-backup

  • Special Warning
  • Defense Against COVID-19 Cyber Threats
  • How to be safe during this disasters situation
  • How to save your child from cyber crimes
  • Covid-19 Cyber Threats
  • What you should do?
  • How to report to Hithawathi
  • Tell IGP
  • Child Hotline
  • Useful Contact Information
  • Identify, prevent Internet Theft
  • Cybersafety Tips 1
  • Cyber Safety Tips 2
  • Password Part 1 – Selecting a strong password and protecting it
  • Your Safety in Cyber Space
  • What is Two-Factor Authentication?
  • Internet Safety Tips for Children and Teens
  • Spam vs. Scam
  • Work From Home Tips
  • Password Part 2 – How to remember difficult passwords in an easy way
  • Cyber Security Threats in 2020 – 01 – Deepfake
  • Cyber Security Threats in 2020 – 02 – 5G
  • Special Warning
  • Receiving OTP (One Time Password) via a Local Private Number
  • Google Patches High-Severity Flaws in Google Chrome
  • Cyber Security Alert
  • Apple Release Urgent Patches for two Zero-Day Flaws
  • Identify Computer Virus
  • Is Internet good or bad?
  • Internet Frauds
  • Safety on Your Email
  • How to secure your email account?
  • Why can’t I receive or send an e-mail?
  • You Decide whether it is a Fake or a Real Weblink/URL!
  • How to tell if an e-mail is a scam
  • What are scams
  • Social Engineering
  • Report a video
  • Report a thumbnail
  • Report a comment
  • Report a live chat message
  • Report a channel
  • How to change the number on WhatsApp account?
  • How to delete the WhatsApp account?
  • How to block WhatsApp contacts?
  • How to configure privacy settings on WhatsApp?
  • How to configure security settings on WhatsApp?
  • WhatsApp Hacking
  • How to secure your WhatsApp account from social hacking
  • Reporting on WhatsApp
  • How to configure two-step verification settings on WhatsApp?
  • WhatsApp group settings
  • How you can protect your privacy while using Viber?
  • How to back up your Viber chats?
  • How to deactivate a Viber account?
  • Reporting on Viber
  • Admin Controls in Viber Groups
  • Imo
  • How to delete an IMO account?
  • How to Block an IMO chat?
  • How do you report a fake account (impersonating you / pretending to be you) on Instagram?
  • How do you report a post or profile for abuse or spam on Instagram?
  • Do you think your Instagram account has been hacked?
  • How do you report a hacked account on LinkedIn?
  • How do you report inaccurate information on another member’s profile on LinkedIn?
  • How do you report a fake profile on LinkedIn?
  • How do you file a report when a Tweet is abusive
  • How do you report an impersonation violation (fake account) on X (Twitter)?
  • Is your X (Twitter) account hacked?
  • How to report Inappropriate Content on TikTok?
  • If your TikTok account is hacked
  • How to report fake / impersonating accounts on TikTok?
  • Privacy and Safety
  • Reporting

  • Login and Password
  • Your Profile and Settings
  • Names on Facebook

  • What names are allowed on Facebook?
  • Which name should I use on Facebook?
  • How do I add or edit a language-specific name?
  • What if I have one name instead of a first name and a last name?
  • Changing your name or adding additional names

  • Keeping Your Account Secure
  • Notifications
  • Ad Preferences
  • Accessing & Downloading Your Information
  • Deactivating or Deleting Your Account

  • I deactivated my account. How do I reactivate it?
  • How do I permanently delete my Facebook account?
  • Can I remove the account of a friend or family member who’s medically incapacitated?

  • Reporting Abuse

  • Reporting a Privacy Violation
  • Hacked and Fake Accounts

  • Hacked Accounts

  • You think your account was hacked or someone is using it without your permission.
  • You think your friend’s account was hacked.

  • Impersonation Accounts

  • How do you report an account for impersonation?
  • How do you report an account or Page that’s pretending to be you or someone else?
  • How do you request information about a timeline that was impersonating you?

  • Fake Accounts

  • Managing a Deceased Person’s Account
  • Uploading Your ID
  • Intellectual Property

  • Overview

  • What types of things aren’t allowed on Facebook?
  • What types of behavior does Facebook identify as abusive?
  • Does Facebook allow photos of mothers breastfeeding?
  • Does Facebook allow post-mastectomy photos?
  • Why does Facebook limit the use of certain features and what are the limits?
  • Does Facebook consult with any external groups to inform its policies?
  • Are firearm sales allowed on Facebook?
  • Account Info
  • Can I create a joint Facebook account or share a Facebook account with someone else?

  • Your Privacy
  • Staying Safe
  • Keeping Your Account Secure
  • Unfriending or Blocking Someone

  • Unfriend
  • Block

  • What is blocking and how do you block someone?
  • After you block someone, can you see anything about that person?
  • How do you block someone from following you?
  • How do you block messages from someone on Facebook?
  • What is unblocking and how do you unblock someone?

  • Take a Break

  • How do you take a break from someone on Facebook?
  • Can you limit who can see your past posts?
  • Your romantic relationship ended. What can you do?
  • Who can see when you change your relationship status?
  • How can you stop someone from contacting you?

  • Hacked and Fake Accounts

  • Hacked Accounts

  • You think your account was hacked or someone is using it without your permission.
  • You think your friend’s account was hacked.

  • Impersonation Accounts

  • How do you report an account for impersonation?
  • How do you report an account or Page that’s pretending to be you or someone else?
  • How do you request information about a timeline that was impersonating you?

  • Fake Accounts

  • Inheritance scams
  • Rebate scams
  • Nigerian scams
  • Unexpected prize and lottery scams
  • Travel prize scams
  • Classifieds scams
  • Overpayment scams
  • Health & medical products
  • False billing
  • Online shopping scams
  • Psychic & clairvoyant
  • Mobile premium services
  • Investment scams
  • Betting and sports investment scams
  • Jobs and employment scams
  • Pyramid schemes
  • Identity theft
  • Phishing
  • Hacking
  • Remote access scams
  • Malware & ransomware
  • Threats to life, arrest or other

Hithawathi

A Project Powered by
LK Domain Registry

Quick Links

Sri Lanka CERT|CC
TechCERT
Internet Crime Complaint Centre
     
    Instagram 

Our Supporters

 

 

Contact Us

Phone:011-421-6062
Email:help@hithawathi.lk
WhatsApp / Viber:
+94 77 771 1199
 

BUSINESS HOURS
Weekdays 08.30 am – 05.00 pm
Saturdays 08.30 am – 12.30 pm
Closed on Public holidays.

(Calls may be recorded for training and quality purposes)

Copyright © 2025 Hithawathi. All Rights Reserved.

Terms and Conditions | Privacy Policy

Donate Now

Become a partner ?
Just call us 011-421-6062