WhatsApp OTP scam: what is it, how it affects you, and how to protect yourself

WhatsApp OTP scam has been in the news lately and it is important to know what it is and how you can protect yourself from it.

  • WhatsApp OTP scam has raised privacy concerns in India
  • WhatsApp OTP scam involves a hacker pretending to be your friend
  • You can secure your WhatsApp account with biometric and 2-factor authentication

WhatsApp is the most popular messaging service in India, so much so that “texting” has almost become synonymous with the Facebook-owned app. But a recent scam has raised privacy concerns in the country. Being termed the ‘WhatsApp OTP scam’ informally, it involves hacking into someone’s WhatsApp account and getting access to their personal chats, photos, and videos. The WhatsApp OTP scam is on the rise in India, with several users reporting security breaches with their accounts. So, what is the WhatsApp OTP scam and how can you protect yourself from it? Let’s find out.

What is the WhatsApp OTP scam?

According to several user reports, the WhatsApp OTP scam involves a hacker pretending to be your friend. They will send you a text describing some sort of emergency, prompting you for help. Next, they will send a WhatsApp OTP to your number and ask for you to send it. If you send that OTP in the chat, your WhatsApp number will get logged out from your smartphone and all your personal information will be accessible to the hacker. 

How is this possible?

When you switch to a new smartphone, you need to install WhatsApp and enter your phone number so that you receive an OTP/ security code to log in to your account. In the same way, the hacker initiates a login from your phone number on their device and is able to access your chats once you forward the OTP to them.

Essentially, this is less of a technical and more of a social hack perpetrated by criminals online.

How dangerous is it? 

WhatsApp is the most frequented app for a lot of us today. We use it to share intimate moments with partners, family, and friends. We also use WhatsApp to communicate with colleagues at work. Despite the fact that WhatsApp is an end-to-end encrypted messaging app, it is impossible to cover the act of unknowingly giving access to a stranger under the security features.  

The hacker can access your personal images and videos and post them publicly without your knowledge.

The hacker could also hold you to ransom with your data, and possibly blackmail you into transferring money or its equivalents online. Furthermore, this scam could also involve your friends and family considering the hacker can reach out to them for the OTP, the same way they did to you, hypothetically.  

How to protect yourself from WhatsApp OTP scam?

Keep your smartphone secure with a password or biometrics. If possible, keep WhatsApp also behind biometrics or at least a pin, which is available natively on both Android as well as iOS.

You can secure your WhatsApp account further by enabling 2-factor authentication. To do this, open the WhatsApp app, click on Settings (three-dot menu on Android, the bottom icon on iOS), click Account, and enable Two-Step Verification. At this step, you can choose a 6-digit PIN of your choice. This way, you will have to enter the preset 6-digit PIN whenever you register your phone number on any device with WhatsApp again.

Another useful way to stay away from these attacks is to not disclose your OTP to anyone, irrespective of the app it is from. Even if it is needed by a friend remotely, call up and confirm the requirement and only share it once confirmed verbally or physically.


Ransomware scams are dangerously becoming commonplace, with smartphone users not realising the impact until they are affected. With the amount of data present on our devices these days, it is important to remain vigilant and not let our guard down when it comes to sharing sensitive information for messaging, banking, or other mobile apps. This comes as a reminder that any sort of information can be leaked through your device, thus keeping a strong check on it is the need of the hour. Have you been impacted by the WhatsApp OTP scam? Let us know.