{"id":53012,"date":"2025-02-13T09:14:34","date_gmt":"2025-02-13T14:14:34","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=53012"},"modified":"2025-05-29T10:06:22","modified_gmt":"2025-05-29T14:06:22","slug":"how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/53012\/","title":{"rendered":"WhatsApp and Telegram account hijacking: How to protect yourself against scams"},"content":{"rendered":"<p>Cybercriminals around the world keep honing their schemes to steal accounts in WhatsApp, Telegram, and other popular messaging apps \u2013 and any of us could fall for their scams. Only by becoming a victim of such an attack can you fully appreciate how vital a tool instant messaging has become, and how diverse the damage from hacking a WhatsApp or Telegram account may be. But better not to let it come to that, and to learn to recognize key hijacking scams in order to prevent them in time.<\/p>\n<h2>Why hijack your WhatsApp or Telegram account?<\/h2>\n<p>A stolen account can be appealing because of its content, access rights, or simply the fact that it\u2019s verified, linked to a phone number, and has a good reputation. Having stolen your Telegram or WhatsApp account, cybercriminals can use it in a variety of ways:<\/p>\n<ul>\n<li>To send spam and phishing messages on your behalf to all your contacts \u2013 including private channels and communities.<\/li>\n<li>To write sob stories to all your friends asking for money. 
Worse yet \u2013 to use AI to fake a voice or video message asking for help.<\/li>\n<li>To steal accounts from your friends and family by asking them to <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-takeover-contest\/47195\/\" target=\"_blank\" rel=\"noopener nofollow\">vote in a contest<\/a>, \u201cgifting\u201d them a fake <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-premium-scam\/52696\/\" target=\"_blank\" rel=\"noopener nofollow\">Telegram Premium subscription<\/a>, or employing some other fraudulent scheme \u2013 of which there are many. Coming from someone the recipient knows, messages like this tend to inspire greater trust.<\/li>\n<li>To hijack a Telegram channel or WhatsApp community you manage.<\/li>\n<li>To blackmail you with the contents of your chats \u2013 <a href=\"https:\/\/www.kaspersky.com\/blog\/the-naked-truth-iia\/51733\/\" target=\"_blank\" rel=\"noopener nofollow\">especially if there\u2019s sexting<\/a> or other compromising messages.<\/li>\n<li>To read your chats quietly, which may have strategic value if you\u2019re a businessman, politician, military or security officer, or civil servant.<\/li>\n<li>To upload a new photo to your account, change your name, and use your account for targeted scams: <a href=\"https:\/\/www.kaspersky.com\/blog\/pig-butchering-crypto-investment-scam\/50764\/\" target=\"_blank\" rel=\"noopener nofollow\">from flirting with crypto investors (pig butchering)<\/a> to <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-spot-and-prevent-boss-scams\/50861\/\" target=\"_blank\" rel=\"noopener nofollow\">requests from the victim\u2019s boss (boss scams)<\/a>.<\/li>\n<\/ul>\n<p>Due to this variety of applications, criminals need new accounts all the time, and anyone can become a victim.<\/p>\n<h2>WhatsApp, Telegram, and QQ quishing<\/h2>\n<p>Scammers used to steal accounts by tricking people into giving them text verification codes (required to log in), or by intercepting these codes. 
But since this method is no longer as effective, the focus has shifted to trying to link an additional device to the victim\u2019s account. This works best when using phishing schemes based on QR codes \u2013 known as <a href=\"https:\/\/www.kaspersky.com\/blog\/bubble-tea-qr-code\/48893\/\" target=\"_blank\" rel=\"noopener nofollow\">quishing<\/a>.<\/p>\n<p>Attackers either put up their own ads or carefully stick malicious QR codes on top of someone else\u2019s to overlay the legitimate code. They can also print a QR code on a flyer and drop it in a mailbox, post it on a social network or website, or simply send it by email. The pretext can be anything: an invitation to join a neighborhood chat; connect to an office, campus, or school community; download a restaurant menu or claim a discount; or view cinema showtimes or extra information on movies and other events.<\/p>\n<p>The code alone can\u2019t cause your account to be hijacked, but it can lure you to a scam website containing detailed instructions telling you where to click in the messaging app, and what to do after that. The site shows you another, dynamically generated, QR code, which the attackers\u2019 server requests from WhatsApp or Telegram when it asks the service to link a new device to your account. And if you, determined to enjoy every benefit civilization has to offer, decide that another code won\u2019t hurt and follow the instructions, then the device used by the attackers will get access to all your data in the app. In fact, you can see it in the \u201cDevices\u201d or \u201cLinked devices\u201d sections of Telegram or WhatsApp, respectively. However, this attack is designed for those who aren\u2019t very familiar with messaging app settings, and who might not check such submenus regularly. 
Incidentally, users of <a href=\"https:\/\/www.kaspersky.com\/blog\/phishing-qr-code-attack-on-qq-users\/44767\/\" target=\"_blank\" rel=\"noopener nofollow\">QQ<\/a>, China\u2019s most popular messaging app, are also targeted by similar attacks.<\/p>\n<h2>Malicious polls, fraudulent gifts, and girls\u2026 undressing<\/h2>\n<p>Aside from QR codes, scammers may also attack you by sending seemingly harmless links, such as those for \u201cpeople\u2019s choice\u201d votes, instant lotteries, or giveaways. On Telegram, they like to mimic the interface used for <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-premium-scam\/52696\/\" target=\"_blank\" rel=\"noopener nofollow\">receiving a Premium subscription as a gift<\/a>.<\/p>\n<p>Typically, you get to such pages through messages from friends or acquaintances whose accounts have already been compromised by the same scammers. The homepage is always full of catchy phrases like \u201cvote for me\u201d and \u201cclaim your gift\u201d.<\/p>\n<p>A variation on the scam involves messages from a \u201cmessaging app security service\u201d. You might get contacted by someone using a name like \u201cSecurity\u201d or \u201cTelegram security team\u201d. They offer to protect your data by <span style=\"text-decoration: line-through\">transferring your account to a secure account<\/span> clicking a link and enabling \u201cadvanced security options\u201d.<\/p>\n<p>Lastly, you could get an ad for a service or bot that offers something useful or fun \u2013 like an AI chatbot or a\u2026 nude generator.<\/p>\n<p>There\u2019s another potential scam scenario for Telegram: since 2018, the service has offered website owners <a href=\"https:\/\/telegram.org\/blog\/login\" target=\"_blank\" rel=\"noopener nofollow\">authentication of visitors using the Telegram Login Widget<\/a>. 
It\u2019s a real, functioning system, but scammers take advantage of the fact that few people know how this authentication is supposed to work \u2013 replacing it with a phishing page to steal information.<\/p>\n<p>In any of these scenarios, once you\u2019re through the enticing landing page, you\u2019ll be asked to \u201csign in to your messaging app\u201d. This procedure might involve scanning a QR code or simply entering your phone number and the OTP code on the website. This part of the website is typically disguised as a standard WhatsApp or Telegram authentication interface \u2013 creating the illusion that you\u2019ve been redirected to the official website for login. In reality, the entire process is happening on the attackers\u2019 own site. If you comply and enter the data or scan the code, cybercriminals will immediately gain control of your messaging app account. Your only reward? Some kind of thank-you message like <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-premium-scam\/52696\/\" target=\"_blank\" rel=\"noopener nofollow\">your premium subscription will activate within 24 hours<\/a> (it won\u2019t; who knew?!).<\/p>\n<h2>Hacking a smartphone with a fake WhatsApp or Telegram app<\/h2>\n<p>An old yet still effective way to hijack accounts is by using <a href=\"https:\/\/www.kaspersky.com\/blog\/whatsapp-mods-canesspy\/49656\/\" target=\"_blank\" rel=\"noopener nofollow\">trojanized mods<\/a>, that is, modified versions of messaging apps. This threat is especially relevant for Android users. You can come across ads touting \u201cimproved\u201d versions of popular messaging apps on forums, in group chats, or simply in search results. 
<a href=\"https:\/\/www.kaspersky.com\/blog\/whatsapp-mods-canesspy\/49656\/\" target=\"_blank\" rel=\"noopener nofollow\">WhatsApp mods<\/a> often promise the ability to read deleted messages and see the statuses of those who hid them, while Telegram fans are promised free Premium features.<\/p>\n<p>Downloading and installing a mod like this infects your phone with malware that can steal the messaging account along with all the other data on the device. Interestingly, Android users can encounter <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-signal-malware-in-google-play\/48937\/\" target=\"_blank\" rel=\"noopener nofollow\">spyware-infected mods<\/a> even in the \u201choly of holies\u201d: the official Google Play store.<\/p>\n<h2>What happens to a hijacked Telegram or WhatsApp account?<\/h2>\n<p>The fate of your hijacked account depends on the attackers\u2019 intentions. If their goal is espionage or blackmail, they\u2019ll just quickly download all your chats for analysis, and you may not notice anything at all.<\/p>\n<p>If cybercriminals want to send fraudulent messages to your contacts, they\u2019ll immediately delete sent messages by using the \u201cdelete for me only\u201d feature to make sure you don\u2019t notice anything for as long as possible. However, sooner or later, you\u2019ll start receiving messages from surprised, outraged, or simply vigilant friends, or you yourself will notice traces of an unauthorized presence.<\/p>\n<p>Another consequence of hacking may be the messaging service\u2019s reaction to the spam. If recipients report your messages, your account may become restricted or blocked \u2013 preventing you from sending messages for several hours or days. 
You can appeal the restrictions by using a special button, such as \u201cRequest a Review\u201d in the message from the moderators, but it\u2019s best to first ensure that you have exclusive control over your account and wait at least a few hours afterward.<\/p>\n<p>Telegram treats all devices linked to an account equally, which means scammers can take over your entire account and kick you out by disconnecting all your devices. However, to do this, they\u2019d need to remain logged in unnoticed for a whole day: Telegram has a 24-hour waiting period before one can log out other devices from a newly connected account. If you\u2019ve been locked out of your own Telegram account, read our <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-account-hacked\/52775\/\" target=\"_blank\" rel=\"noopener nofollow\">detailed recovery guide<\/a>.<\/p>\n<p>On WhatsApp, the first device you use to log in to your account becomes the primary one, and other devices are secondary. This means hackers can\u2019t pull off that trick there.<\/p>\n<h2>How to protect yourself from WhatsApp and Telegram account hijacking<\/h2>\n<p>You can find detailed instructions on how to secure your <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-privacy-security\/38444\/\" target=\"_blank\" rel=\"noopener nofollow\">Telegram<\/a>, <a href=\"https:\/\/www.kaspersky.com\/blog\/whatsapp-privacy-security\/51428\/\" target=\"_blank\" rel=\"noopener nofollow\">WhatsApp<\/a>, <a href=\"https:\/\/www.kaspersky.com\/blog\/signal-privacy-security\/40377\/\" target=\"_blank\" rel=\"noopener nofollow\">Signal<\/a>, and <a href=\"https:\/\/www.kaspersky.com\/blog\/discord-privacy-security\/38546\/\" target=\"_blank\" rel=\"noopener nofollow\">Discord<\/a> in our separate guides. 
Let\u2019s go over the general principles again:<\/p>\n<ul>\n<li>Be sure to enable two-factor authentication (also variously known as \u201ccloud password\u201d or \u201ctwo-step verification\u201d) in the messaging app, and use a <a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-international-password-day-2024\/51095\/\" target=\"_blank\" rel=\"noopener nofollow\">long, complex, and unique password<\/a> or passphrase.<\/li>\n<li>On WhatsApp, you can choose a passkey instead of a password. This protection is more reliable.<\/li>\n<li>Avoid taking part in giveaways and lotteries. Don\u2019t accept gifts that you didn\u2019t expect \u2013 especially if you need to log in to some websites through the messaging app to receive them.<\/li>\n<li>Learn <a href=\"https:\/\/telegram.org\/blog\/login\" target=\"_blank\" rel=\"nofollow noopener\">how legitimate authorization through Telegram looks<\/a>, and immediately close any websites that look different. To put it simply, during a legitimate authorization process, all you need to do is click the \u201cYes, I want to go to such-and-such website\u201d button within the Telegram chat with the bot. No scanning or entering of codes is required.<\/li>\n<li>Check your WhatsApp and Telegram settings regularly to see what devices are connected. Disconnect any that look old or fishy. 
You can set Telegram to automatically end old sessions:<strong> Settings \u2192 Devices \u2192 Automatically terminate old sessions \u2192 If Inactive For 1 week.<\/strong><\/li>\n<li>Always use official messaging apps downloaded from trusted sources like Google Play or the App Store, Galaxy Store, Huawei AppGallery, and other major app stores.<\/li>\n<li>Be more careful with <a href=\"https:\/\/www.kaspersky.com\/blog\/dangers-of-desktop-messengers\/47453\/\" target=\"_blank\" rel=\"noopener nofollow\">desktop messaging clients<\/a> \u2013 especially at the office.<\/li>\n<li>Use a <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener nofollow\">reliable protection system<\/a>\u00a0on all your devices to avoid visiting phishing sites or installing malware.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>We look into every method of hijacking WhatsApp, Telegram, and other messaging accounts \u2013 from quishing to fake gifts and viruses, and ways to protect yourself against 
them.<\/p>\n","protected":false},"author":2722,"featured_media":53014,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[105,4026,607,76,43,1556,1532,768,611,422,812,546],"class_list":{"0":"post-53012","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-discord","10":"tag-messengers","11":"tag-phishing","12":"tag-privacy","13":"tag-qr","14":"tag-signal","15":"tag-surveillance","16":"tag-telegram","17":"tag-threats","18":"tag-tracking","19":"tag-whatsapp"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/53012\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/28565\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/23805\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/12281\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/28678\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/27963\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/30780\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/29473\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/39046\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-prevent-whatsapp-
telegram-account-hijacking-and-quishing\/13171\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/22599\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/23413\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/31963\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/28811\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/34631\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-to-prevent-whatsapp-telegram-account-hijacking-and-quishing\/34260\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/messengers\/","name":"messengers"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=53012"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53012\/revisions"}],"predecessor-version":[{"id":53519,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53012\/revisions\/53519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/53014"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=53012"}],"wp:term":[{"taxonomy":"category","embeddab
le":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=53012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=53012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}