If You Have a WhatsApp Account, You Need to Change Your Voicemail PIN Now

WhatsApp is a great messaging application for anyone who values their privacy. That is because all messages can be read only by their recipients and senders, as the program uses end-to-end encryption to encipher them. However, sensitive information that could be delivered via such messages attracts hackers who have recently discovered a way to gain access to WhatsApp accounts. Apparently, they do so by employing the victim's voicemail. The cybercriminals look for users that have default voicemail PIN codes, which are easy to guess, to gain control over the user's voicemail services. If you continue reading our blog post, we will tell you more about the WhatsApp voicemail scam as well as talk about how to change voicemail PIN and what extra precautions to take to keep your WhatsApp account and content on it safe from intruders.

How does the WhatsApp voicemail scam work?

For starters, the hackers need to install WhatsApp while using the targeted victim's telephone number on their own device. To be sure it is the same user, WhatsApp should send a verification code to the account owner's telephone number. Since the attacker does not have the phone or access to it, he cannot view the code. Unfortunately, this obstacle can be easily overcome by employing the user's voicemail. As you see, when the sent verification code is not entered, the application should suggest performing a so-called voice verification. During it, the user receives a phone call and can hear the verification code said out loud.

The key is to make sure the call goes to voicemail. This is why the scammers do this late at night in the hope that the targeted victim will be asleep, and will not pick up the phone. Another essential condition for the attack to work is the user has to have a weak voicemail PIN code. Ideally, it should be the default PIN code that comes with the service from the beginning, as in most cases it is made from four characters and so can be easily guessed. In such a case, all that the hackers have to do is guess the voicemail PIN. Then listen to the WhatsApp voice message to type the mentioned code and gain access to the user's account from their device. If the victim does not have Two-Factor authentication activated, the cybercriminals may do so to ensure the user is unable to get back to his account. Therefore, if the attack is successfully initiated, the hackers may not only be able to view potentially sensitive messages, but also take over the account, chat with the available contacts, and so on.

How to protect yourself from the WhatsApp voicemail scam?

The first thing users who use WhatsApp and voicemail services should do is make sure they have a secure voicemail PIN. If you have never changed it before, the chances are you are still using the default PIN code that came along with the service. On the other hand, if you replaced the default voicemail PIN with a PIN code that consists of minimum required characters, we would recommend updating it with a combination that uses the maximum number of possible characters, so the hackers would have a difficult time guessing it. Usually, users can change their PINs through the mobile phone's voicemail settings. If you do not know how to change voicemail PIN, you should contact your phone service provider and have him help you out.

In addition to changing your voicemail PIN, we would recommend doing the same with your WhatsApp password if you think it might be weak too. You can find all that you need to know about how to create a strong voicemail PIN or password right here. There is also one more extra precaution you can take if you want to secure your WhatsApp account. What we are talking about is activating the Two-Factor Authentication. It is easy to do, and most importantly it will make it much more difficult for anyone targeting your account to get access to it. If you would like to enable this feature, but do not know how, you could take a look at the instructions available below.

How to enable WhatsApp Two-factor Authentication

The following instructions show how to turn on Two-Factor Authentication for those using WhatsApp on Android devices.

1. Open your WhatsApp application.
2. Go to "Settings" by tapping the "menu" icon (top-right corner).
3. Choose "Account" and go to "Two-step verification settings".
4. Press "Enable".
5. Create a password from six characters that you will be asked when logging in from another device.
6. Confirm the passcode.
7. Enter your email address that will be used in case you need to recover forgotten verification password.
8. Tap "Next" and confirm your email address.

Note: Both the verification password and recovery email can be changed if there is such a need via the Two-step verification settings.

The WhatsApp voicemail scam only proves how crucial it is to secure every single account we have if we do not want anyone to invade our privacy. Even if we do not use the account that often or if it does not appear to be as important as our email or social media profiles, hackers can find creative ways to misuse them. Now that you know how a weak voicemail PIN could endanger your privacy, we urge you not to take any chances and replace it as soon as possible. For more tips on how to protect your WhatsApp from being hacked, we recommend reading our previous blog post available here.