Imagine receiving a call from someone claiming to be a delivery executive, unable to locate your home. Sounds routine, right? That’s exactly how Thomas fell victim to a cleverly engineered WhatsApp hack — and it could happen to anyone. Here’s his story, how the hack works, and what you can do to protect yourself.
—
🔍 What Exactly Happened?
Thomas received a call from someone posing as a delivery agent. The caller claimed the delivery boy couldn’t find his home and asked him to dial a number to “connect directly” with the delivery person:
> *21*9106868159#
Unknowingly, Thomas activated call forwarding to the hacker’s number by dialing this USSD code.
What happened next?
The attacker attempted to log into Thomas’s WhatsApp.
WhatsApp sent the verification code via SMS — but it got forwarded to the attacker’s phone because of the call diversion.
The attacker entered the verification code, gaining full access to Thomas’s WhatsApp.
Thomas was logged out of his device.
—
💡 How This Hack Works — The Technical Trick
This scam uses a combination of:
1. Social engineering (posing as a delivery agent to build urgency and trust).
2. Call forwarding using USSD codes (e.g., *21*<number>#), which reroutes your incoming calls to another number.
3. Hijacking the WhatsApp login by intercepting the 2FA (verification code) via call/SMS.
This method works especially well when WhatsApp is set to deliver the 2FA via a call instead of SMS.
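As an added example (not code from the original post), the Python below parses a dial string and reports whether it would turn on call forwarding before anyone presses the call button. It goes beyond the `*21*` code in the story to the other call-forwarding service codes in 3GPP TS 22.030; the function names and the placeholder number 5550100 are assumptions made for illustration.

```python
import re

# Call-forwarding service codes as listed in 3GPP TS 22.030 (MMI codes).
FORWARDING = {
    "21": "all incoming calls",
    "67": "when busy",
    "61": "when not answered",
    "62": "when not reachable",
    "002": "all forwarding types",
    "004": "all conditional types",
}
# Leading symbols decide what the network does with the service.
ACTIONS = {"**": "register", "*": "activate", "*#": "query",
           "##": "erase", "#": "deactivate"}
MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d+))?(?:\*[\d*]*)?#$")


def classify(dial_string):
    """Describe a call-forwarding MMI code, or return None for anything else."""
    compact = re.sub(r"[\s()\-]", "", dial_string)  # tolerate spaces and dashes
    m = MMI.match(compact)
    if not m or m.group(2) not in FORWARDING:
        return None
    prefix, service, target = m.groups()
    action = ACTIONS[prefix]
    # Turning forwarding on towards a number is the step the scam depends on.
    risky = action in ("register", "activate") and target is not None
    return {"action": action, "scope": FORWARDING[service],
            "target": target, "risky": risky}


def explain(dial_string):
    """One-line verdict a user could read before dialing."""
    info = classify(dial_string)
    if info is None:
        return "not a call-forwarding code"
    if info["risky"]:
        return (f"DO NOT DIAL: turns on call forwarding "
                f"({info['scope']}) to {info['target']}")
    return f"{info['action']} call forwarding ({info['scope']})"


if __name__ == "__main__":
    # Constructed samples; 5550100 is a placeholder number, not from the page.
    for code in ["*21*5550100#", "**67*+15550100#", "##21#", "*#21#", "*123#"]:
        print(f"{code:18} {explain(code)}")
```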
—
🛡️ How to Prevent This
Here are essential steps to protect yourself:
✅ 1. Never dial strange USSD codes
USSD codes like *21*number# are used to activate call forwarding.
Don’t dial such codes unless you personally know and trust the source.
✅ 2. Enable Two-Step Verification on WhatsApp
Go to Settings > Account > Two-step verification and set a PIN.
This ensures that even if someone gets the SMS code, they can’t log in without the PIN.
✅ 3. Beware of urgent requests over the phone
Always verify if it’s a real delivery. Hang up and call the delivery service directly if unsure.
✅ 4. Know the common scam signs
Anyone asking you to dial a number or share an OTP/code is a red flag.
WhatsApp never calls you for verification.
—
🔧 What To Do If You Get Hacked
If this happens to you, act fast:
1. Deactivate call forwarding:
Dial ##21# to cancel all call forwarding settings.
2. Reinstall WhatsApp and log in again.
You’ll regain access if the hacker hasn’t enabled two-step verification.
3. Alert your contacts.
The hacker might impersonate you. Warn friends not to share OTPs or money.
4. Report the number to WhatsApp:
Go to Settings > Help > Contact Us.
—
🧠 Final Thoughts: Don’t Let Curiosity Be the Weak Link
In Thomas’s case, he quickly reversed the call forwarding and regained control — but not everyone may act as swiftly. The best defense is awareness. Share this story, enable your security settings, and stay cautious the next time you get a suspicious call.
A short note: in a later chat with Thomas, he told me that it was ChatGPT that came to his help. He quickly described the scenario to ChatGPT, and it guided him through a proper solution.
(The name Thomas is not real; I am just using a familiar name. It could have been Joseph or Francis or Xavier or Aswin.)
Comments (1)
The hacker enabled 2 step verification too, now I’m stuck. Please help what to do??