With nearly 3 billion monthly active users in 2025, WhatsApp stands as one of the world’s most popular messaging apps, but its widespread use has made it a prime target for scammers. Common threats include account theft, where criminals hijack a user’s profile, and the prepayment scam, which lures victims with promises of rewards in exchange for upfront payments that never materialize. In Brazil alone, scams via messaging apps drained over R$ 325 million from victims in 2024, a sharp rise from previous years. This article compiles practical advice on recovering a stolen account, dodging traps like the prepayment scam, and understanding how message tracking works—a frequent concern among users worried about security. As attacks grow more sophisticated, often leveraging social engineering to deceive targets, safeguarding your WhatsApp requires heightened vigilance.
Recovering a stolen account can be tricky, but there are clear steps to follow. The first is to attempt reactivation using your original phone number, which may disconnect the scammer’s device if they haven’t enabled two-step verification. The prepayment scam, like the one reported by Aluisio Amorim, typically starts with unsolicited messages offering easy money—a tactic designed to exploit trust. As for tracking, pinpointing a message’s origin is possible but requires legal action, as WhatsApp retains access logs for a set period under law.
Security on WhatsApp hinges on both its built-in tools and user caution. Enabling two-step verification and skepticism toward unexpected contacts are simple yet effective defenses. With a 20% surge in reported messaging app frauds globally last year, grasping these risks is key to navigating the world’s most-used messaging platform safely.
What to do if your account is stolen
Time is critical when a WhatsApp account is compromised. Scammers often gain access by tricking users into sharing the six-digit verification code sent via SMS, posing as friends or familiar contacts. If this happens, immediately try to reactivate the app with your number by requesting a new code. This action logs the account out of the scammer’s device, provided they haven’t set up two-step verification with their own password.
If the scammer has already enabled this extra security layer, recovery gets tougher. You’ll need to wait seven days for WhatsApp to allow reactivation without their two-step verification PIN. During this time, alert your friends and family about the breach to prevent them from falling for scams using your identity.
Boosting your account’s security
Preventing account theft is far easier than fixing it after the fact. WhatsApp’s two-step verification feature adds a six-digit PIN that must be entered whenever the app is activated on a new device. To enable it, go to “Settings,” tap “Account,” and select “Two-step verification.” Linking an email to this setup lets you reset it if forgotten, thwarting scammers who might otherwise lock you out permanently.
How the prepayment scam works
The prepayment scam is a persistent threat on WhatsApp, preying on hopes of quick gains. Aluisio Amorim’s experience—messages from a supposed sick woman in the U.S. offering money for an initial deposit—is a classic example. Known as an “advance fee scam,” this fraud has cost Brazilians millions, with individual losses reaching up to R$ 50,000 in 2024.
These messages often come from unknown, sometimes international numbers, creating urgency to trick victims. After the upfront payment, the scammer vanishes, leaving the user empty-handed and without direct recourse. Reporting these messages via WhatsApp’s “Report” feature is the best way to flag them and protect others.
Spotting and reporting scams
Identifying a scam on WhatsApp requires watching for red flags. Messages from unknown numbers asking for money, suspicious links, or personal details are clear warnings. In prepayment scams, unrealistic reward promises are a telltale sign. To report, open the chat, tap the three dots in the top right corner, and choose “Report.” This sends the content to WhatsApp for review, potentially leading to the offending account’s ban.
Another frequent scam is the fake verification ploy, where a scammer pretends to be a friend and requests your activation code, claiming it was sent by mistake. Sharing it hands over your account, which can then be used to defraud your contacts. Blocking the number and enabling extra security are immediate steps to limit damage.
Tracking messages explained
Tracking a message’s origin on WhatsApp is a common question, but it’s not straightforward for regular users. The app retains access logs, like IP addresses, for a legally mandated period—in Brazil, up to one year under the Marco Civil da Internet. However, accessing this data requires a court order, and you must provide specifics, such as the message’s date and time.
For criminal cases like threats or fraud, police can request this information from WhatsApp. For civil matters, such as personal disputes, a lawyer can guide the legal process. The sender doesn’t need to be online during tracking, but a deleted account may complicate identification if logs have expired.
Key WhatsApp safety tips
Protecting yourself on WhatsApp goes beyond basic settings. Here are practical measures to stay secure:
- Enable two-step verification: Stops scammers from taking over even with your SMS code.
- Be wary of unsolicited messages: Avoid clicking links or replying to unknown contacts.
- Never share codes: Your verification code is personal and non-transferable.
- Report fast: Use the “Report” option to flag frauds quickly.
- Monitor your account: If it logs out unexpectedly, reactivate it immediately.
These steps drastically cut risks, especially with a 30% rise in social engineering cases in 2024, where scammers emotionally manipulate targets.
WhatsApp security timeline
WhatsApp’s security evolution reflects its response to growing digital threats. Key milestones include:
- 2014: End-to-end encryption rolled out for messages.
- 2017: Two-step verification introduced as an optional feature.
- 2021: Surge in account theft reports via social engineering.
- 2023: Enhanced reporting policies to tackle fraud.
- 2025: Estimated 3 billion users, with campaigns against scams.
These developments highlight ongoing efforts to balance privacy and safety, though user vigilance remains vital.
The toll of scams and quick action
WhatsApp scams carry heavy consequences, from financial losses to hijacked accounts used to trick loved ones. In 2024, Brazil saw over 60,000 fraud complaints tied to messaging apps, with WhatsApp at the forefront. The prepayment scam exploits trust in false promises, while account theft can spark a chain of harm, like fake money requests to contacts.
Swift action is crucial. For a stolen account, reactivate it promptly and warn your network. For financial fraud, notify your bank to attempt transaction reversals and file a police report. WhatsApp advises reporting within 24 hours to maximize the chance of banning the scammer.
WhatsApp’s tools and limitations
WhatsApp’s end-to-end encryption ensures only chat participants can read messages, but it doesn’t stop manipulation-based scams like those using verification codes or malicious links. The absence of a native filter to block unknown senders—a feature older messengers had—leaves a gap that scammers exploit.
Still, the app’s reporting tool effectively flags fraudulent accounts, which can be banned within 48 hours of review. For tracking, reliance on court orders limits direct user action but upholds data privacy, a cornerstone of WhatsApp’s policy.