Fake WhatsApp OTP or account verification phishing — fraudulent email or social engineering claiming to need the recipient's WhatsApp verification code, one-time password, or 6-digit registration code to complete an account transfer, verify a new device, or activate the account — directing them to share the code, provide it, or click a link — an account hijacking attack that uses the victim's own verification code to transfer their WhatsApp account to the attacker's device

Social engineering and phishing attacks targeting WhatsApp account takeover — claiming to need the recipient's WhatsApp 6-digit verification code, one-time password, or registration code to complete an account transfer, verify a new device, or fix an account issue — then using that code to hijack the victim's WhatsApp account and transfer it to the attacker's device. WhatsApp account takeover is primarily a social engineering attack delivered via email or a prior message in the chat. Key facts: (1) WhatsApp account hijacking via verification code sharing is one of the most prevalent account takeover methods globally — WhatsApp's 2B+ active users make it the world's most-used messaging app; account takeovers surge during major scam campaign periods; Europol and national cybercrime units across Europe, Asia, and Latin America have issued specific warnings about this attack pattern; (2) The attack chain is devastating: attacker obtains victim's phone number → requests WhatsApp registration for that number → victim receives legitimate 6-digit SMS → attacker tricks victim into sharing the code → attacker registers victim's account on their device; since WhatsApp uses phone-number-bound accounts, the attacker immediately has full access to the victim's chat history, contacts, and group memberships; (3) WhatsApp account access enables further fraud: impersonating the victim to request urgent money transfers from family/friends (a very high-success fraud variant), accessing business WhatsApp accounts for commercial fraud, and joining groups to harvest additional contacts; (4) WhatsApp will never ask users to share their 6-digit verification code with anyone — the code is solely for registering a device and should never be shared. Warning signs: any request to share a WhatsApp verification code or OTP with another person or via a link.