Pakistan issues nationwide alert over surge in WhatsApp account hijackings
Advisory says that hackers use social engineering rather than WhatsApp vulnerabilities to breach accounts
Pakistan’s National Cyber Emergency Response Team has issued a nationwide advisory warning of a sharp rise in WhatsApp account hijacking incidents, saying the attacks are active, widespread and targeting users across all demographics.
In the advisory, Pakistan’s National Cyber Emergency Response Team (National CERT) said attackers are relying on social engineering, the psychological manipulation of users, rather than technical flaws in WhatsApp’s software to gain unauthorised access to accounts.
According to the advisory, criminals are using methods such as tricking users into sharing one-time passcodes (OTPs), manipulating call-forwarding settings, sending phishing links, and circulating malicious QR codes that link victims’ accounts to attackers’ devices. Once compromised, accounts are used to impersonate victims, defraud contacts, access private communications and spread malicious content.
National CERT warned that the impact of account hijacking can include identity theft, financial fraud, data exposure, reputational damage and privacy violations. It said the threat also poses risks to organisations whose staff use WhatsApp for business communications, potentially exposing sensitive information and enabling further fraud.
The advisory said all versions of WhatsApp are affected, including Android, iOS, WhatsApp Business, Web and Desktop, and described the severity of the attacks as high. It stressed that successful hijacking usually requires user interaction, such as sharing a verification code or scanning a QR code, and that accounts without two-step verification are particularly vulnerable.
National CERT urged users to immediately enable WhatsApp’s two-step verification feature with a recovery email, regularly review linked devices, and never share verification codes or PINs with anyone. It also advised users to be cautious of urgent messages requesting money or codes, and to avoid clicking on links in unsolicited messages.
The advisory set out an official recovery procedure for compromised accounts, advising users to reinstall WhatsApp, re-verify their phone number and reset security settings. It noted that in cases where attackers have enabled two-step verification without a recovery email, users may face a mandatory seven-day lockout before regaining full access, during which neither party can read messages.
National CERT said users who suspect their account has been compromised should alert their contacts immediately, report the incident to WhatsApp and monitor for any signs of financial or data misuse. It called on the public to remain vigilant as cyber criminals continue to adapt their tactics.


