Fraud Alert: WhatsApp Hacking New Tricks
A few days ago, Ashish from Lokmat Videos posted a message on X about the hacking of his WhatsApp account. He also warned people not to respond to any message from his WhatsApp account requesting money. After checking the details he had shared, I found that the fraudsters had used a very simple trick to hack Ashish's account. He received a call from +91 9122267353 from one Abhishek pretending to be a delivery boy of BlueDart. Abhishek sent an SMS and asked Ashish to call him on *21*9572984431# to verify the delivery address. After dialling the number, Ashish replied that this number was incorrect.
 
However, the moment Ashish dialled the number with codes like * and #, all incoming calls on his number were forwarded to 9572984431, a number associated with massive unified payment instrument (UPI) fraud. After connecting with his mobile operator, Ashish managed to cancel call forwarding from his mobile number and did a re-verification to get back his WhatsApp account. 
 
The code *21*mobile number# is used for call forwarding by Airtel and VodafoneIdea (Vi). However, using a similar code, any user of Airtel or Vi can turn off call forwarding. Just open the phone app, dial ##21#, and press the call button. You will receive a confirmation message or tone indicating that call forwarding has been successfully deactivated, and you will continue to receive all calls on your original mobile device. 
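To show how such strings can be recognised before anyone dials them, here is an added example (not part of the original column) that scans message text for call-forwarding codes. It goes beyond the *21* and ##21# codes mentioned above by assuming the standard GSM service codes for the other forwarding conditions; the function name and sample messages are constructed for illustration.

```python
import re

# Call-forwarding service codes in the GSM/3GPP MMI scheme (TS 22.030).
# The column only shows 21; the others are assumed from the standard.
FORWARD_SERVICES = {
    "21": "unconditional (all calls)",
    "67": "when busy",
    "61": "when not answered",
    "62": "when not reachable",
    "002": "all forwarding",
    "004": "all conditional forwarding",
}
# The prefix in front of the service code selects the operation.
OPERATIONS = {"*": "activate", "**": "register", "#": "deactivate",
              "##": "erase", "*#": "query"}

# prefix, service code, optional *target number, optional extra fields, closing #
MMI = re.compile(r"(?<![*#\d])(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d+))?(?:\*\d*)*#")

def find_forwarding_codes(text):
    """Return one dict per call-forwarding MMI code found in text."""
    hits = []
    for m in MMI.finditer(text):
        prefix, service, target = m.groups()
        if service not in FORWARD_SERVICES:
            continue  # some other short code, e.g. a balance enquiry
        op = OPERATIONS[prefix]
        hits.append({
            "code": m.group(0),
            "operation": op,
            "condition": FORWARD_SERVICES[service],
            "target": target,
            # Calls are diverted to someone else only when a number is set.
            "diverts_calls": op in ("activate", "register") and target is not None,
        })
    return hits

SAMPLES = [  # constructed messages; the first mirrors the SMS described above
    "Your parcel is on hold. Call *21*9572984431# to verify the delivery address.",
    "To switch off call forwarding dial ##21# and press call.",
    "Balance enquiry: dial *123# from your phone.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for hit in find_forwarding_codes(msg):
            flag = "WARNING" if hit["diverts_calls"] else "info"
            print(flag, hit["code"], hit["operation"], hit["condition"], hit["target"])
```

Only a code that activates or registers forwarding with a number attached is flagged as a warning; the ##21# code that cancels forwarding is reported as informational.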
 
In September 2024, I wrote in my column how fraudsters are using hacked WhatsApp accounts to further hack accounts of all contacts by sending messages for a one-time passcode (OTP) required for re-registration of the account on a new device. 
 
What happened with Ashish highlights how it is quite easy for fraudsters to fool users and hack their WhatsApp accounts with a simple trick like asking the user to unknowingly activate call forwarding. In this case, except for incoming calls, all other services, like outgoing calls and SMS services, continued to work on Ashish’s phone. Luckily, there is no code for auto-forwarding SMS, or it would have duped a massive number of financial customers. 
 
WhatsApp allows two methods for verifying a number: SMS and voice call. While SMS is the default choice, a user can choose either a missed call or a voice call from WhatsApp to verify the account during the registration. Verifying your number with a missed call is available only on Android.
 
Further, if you are re-registering the phone number, WhatsApp allows a code via email if you have added your email address to your account in your WhatsApp settings, during initial registration, or during a two-step verification setup.
 
In the case of Ashish, after enabling the call forward from his mobile number to another number, the fraudsters re-registered his WhatsApp account on a new device and selected a voice call method to verify it.
 
No doubt, having a WhatsApp account hacked causes panic, but one needs to remain calm and investigate the root cause. In the case of Ashish, the root cause was dialling a number with codes, thus enabling call forwarding. And, just as call forwarding can be enabled by dialling a code, it can also be disabled by dialling another code!
 
You can also disable call forwarding from mobile settings. Go to Call Settings>More Settings (or Supplementary Services)>Call Forwarding>Select Voice Calls. Remove any unknown number shown here. 
 
It is good practice not to dial any number that contains * and # if you do not know or understand its consequences. For WhatsApp, you must enable two-step verification through a personal identification number (PIN). 
 
1. Open WhatsApp Settings.
 
2. Tap Account > Two-step verification > Turn on or Set up PIN.
 
3. Enter a six-digit PIN of your choice and confirm it.
 
4. Provide an email address you can access or tap Skip if you don't want to add an email address. WhatsApp recommends adding an email address as this allows you to reset two-step verification and helps safeguard your account.
 
5. Tap Next. Confirm the email address and tap Save or Done.
 
However, remember, if you have forgotten your PIN, you must wait seven days before resetting it. Alternatively, if you have previously added your email address, WhatsApp will send reset instructions to your email. Since WhatsApp doesn't verify the email address, make sure it is accurate and accessible to you. 
 
Meanwhile, WhatsApp has accused Israel-based professional spyware company Paragon Solutions of spying on a select group of users, including journalists and members of civil society.
 
A WhatsApp spokesperson told TechCrunch that the campaign was linked to Paragon, an Israeli spyware maker that was acquired in December 2024 by American private equity giant AE Industrial Partners. 
 
WhatsApp says the hacking campaign used malicious PDFs sent via WhatsApp groups to compromise targets and said it had pushed a fix to prevent this mechanism. The hack did not require any action by the targets, according to the company. 
 
WhatsApp also sent a cease-and-desist letter to Paragon, accusing the company of enabling a zero-click exploit against WhatsApp users to surveil their communications. An official from WhatsApp told Reuters that about 90 users were sent malicious electronic documents that required no user interaction to compromise them. This so-called zero-click hack is considered particularly stealthy. 
 
A few years ago, spyware makers like NSO Group (Pegasus) and Intellexa created a storm after they were found spying on journalists and members of civil society (activists). Since then, Intellexa and its founders have been sanctioned and NSO Group has been put on a blocklist by the US. Just as NSO Group used its Pegasus suite or app, Paragon uses its Graphite program for spying.
 
The threat of zero-click hacks remains for every user of technology, especially communication devices. However, remember, the tools and services provided by these spyware makers are not cheap. In fact, they are so costly that only governments from across the world can afford and use them.
 
In case you are considered dangerous by your own government, then there is nothing that can stop the state machinery from keeping an eye on you or even hacking every device you use. But then there would be very few people on whom the government is willing to spend a considerable amount for spying. So you can consider yourself lucky and remain happy that you may not be the target of such a spying episode.
 
Meanwhile, Graphite from Paragon does not require any action from the user to initiate spying except for downloading the PDF file. 
 
Having said that, it is a good practice to turn off the auto download of any file (images, videos or document files like a PDF) on your device. On WhatsApp, go to Settings (click on three vertical dots)> Storage and data> Media auto-download. Here, uncheck or disable downloading photos, audio, videos and documents when using mobile data, Wi-Fi or roaming. 
 
This has two advantages. One, you will consume less data; two, your device will not be clogged by unnecessary messages (for example, n number of good morning and good night images or video clips). 
 
In case you are a victim of spyware, WhatsApp advises connecting with Canadian privacy watchdog Citizen Lab. Independent nonprofit Access Now also operates a digital security helpline that provides urgent technical assistance to members of civil society, including activists, human rights defenders, journalists and other at-risk communities.
 
WhatsApp recommends that all users use its privacy checkup, which provides step-by-step guidance to help strengthen the security of their accounts and customise privacy settings. In privacy checkup, you can choose who can contact you, control your personal info, add more privacy to your chats and protect your account. Go to Settings>Privacy>Privacy Checkup and select the option that you need to strengthen the privacy and security of your WhatsApp account. 
 
Report Suspects
You can quickly report attempts made to commit cybercrime using suspicious website URLs, WhatsApp numbers, Telegram handles, phone numbers, email IDs, SMS headers or mobile numbers and social media URLs to the National Cyber Crime Reporting Portal (NCRP). This information is used by the NCRP to build up a repository for analysing and monitoring cybercrime.
 
Stay Alert, Stay Safe!
Dilip Modi
1 month ago
Thank you, Yogesh Ji, lot of useful information.