Authorities in Spain warn of 'chain' theft of WhatsApp accounts: this is how it works and what to do if you fall victim

Authorities in Spain warn of 'chain' theft of WhatsApp accounts: this is how it works and what to do if you fall victim

It comes after a man lost access to his account, with cybercriminals then messaging his contacts and requesting money

Cristina Vallejo


Wednesday, 10 April 2024, 16:26


Spain's National Institute of Cybersecurity (Incibe) has issued a warning of "chain thefts of WhatsApp accounts".

It comes after the case of a man who contacted authorities concerned after he had lost access to his account. According to his testimony, he one day received a message from his son telling him he had had a problem with his WhatsApp account and that he was going to send him a code by SMS which he needed him to provide. After receiving the code, the person sent it to his son via WhatsApp, immediately and without thinking, so he could resolve the alleged incident. Within minutes, it was he himself who lost access to his account. He tried to activate it again, was able to insert the first code requested, but was subsequently asked for a second verification code that never arrived on his phone. He then phoned his son for help and discovered that the same thing had happened to him, so it was not his son who had asked for the code, but he had been a victim of a "chain" account theft. The next day, one of his contacts received a message from his account asking him for money because he was in financial trouble.

What to do if you fall victim

Incibe gives a series of guidelines for possible similar cases. The first thing to do is to try to activate the account again. If this cannot be done, it is because the most common reason why the account cannot be activated after it has been stolen is because cybercriminals set up the double authentication factor to prevent anyone from recovering it.

If this is the case, and if the account cannot be recovered, Incibe advises the contacts should be notified of what has happened, since, as it is a fraud that occurs in a chain, they could be affected. In addition, you should contact WhatsApp support via email at and let them know what has happened. If you are unable to recover your account after this last step, you should contact the application's data protection officer.

If, after the above steps and within one month, no response or an unsatisfactory response is received, then you should go to the Spanish Data Protection Agency to report it. In the event of any damage, threat or harm, evidence should be gathered and a complaint filed with police.

Once the account has been recovered, as a preventive measure to avoid this type of scam, Incibe advises activating two-factor authentication.

Reporta un error en esta noticia

* Campos obligatorios