What's Up With WhatsApp Now? OTP Scam Steals Data
By: Jim Stickley and Tina Davis
March 1, 2021
WhatsApp, currently one of the world’s most popular mobile social apps, has been hit with another scam targeting its users. This one is an OTP (one-time password) hack that’s racking up unsuspecting victims and stealing their private data. Since Facebook purchased WhatsApp in 2014, the number of users has grown to nearly 25 million in the U.S. and two billion worldwide. As with many apps, WhatsApp users hope the company has their backs and can shield their data from abuse. When that doesn’t happen, stolen PII (personally identifiable information) can be used in a number of crimes, including financial theft and identity fraud. Understanding how this OTP hack works can help keep you from becoming the next victim of OTP scams, not only on WhatsApp but on other apps too.
How the OTP Scam Works
A fraudster sends you a text message, claiming to be a friend in need of your help, perhaps in an emergency situation. Unknown to you, your friend’s WhatsApp account has been compromised and the hacker is using their identity for the scam. This is a type of phishing hack and the fraudster hopes you’ll bite.

The hacker will ask you to forward an OTP they “accidentally” sent you. Once the OTP is shared with the scammer, you’ll be locked out of your WhatsApp account and your messages, contacts, and groups now belong to them. A hacker can do any number of things with your account, including contacting your loved ones to ask for financial help. It doesn’t stop there, however: the chain of scams multiplies once the scammer owns your account.
Preventive Measures
- Immediately reset the app and log in again, but know it may be too late to get your account back.
- Always use 2FA (two-factor authentication) with apps as an additional layer of identity security.
- Never share your OTP or PII with anyone.
- Use anti-phishing smarts on WhatsApp and other messaging tools, including your email account.
- Knowing contacts may be compromised, look very closely at sender details like their email or other address. Any typos or bad grammar are a huge red flag, so delete the message immediately.
- Never open any attachments or follow embedded links in a message. They may be scammer setups that can install malware on a device or lead to a bogus website designed to steal your PII.