WhatsApp has introduced two new security layers aimed at stopping account takeovers and fraud from unknown numbers. The company says the changes are meant to interrupt social-engineering scams that trick users into handing over access themselves, rather than exploiting a technical hack.
One of the most common schemes involves a message from someone pretending to be a friend or asking users to “vote” through a link. Victims are pushed to a fake WhatsApp device-linking page and asked to enter a code sent to their phone. Once they do, the scammer can access their messages, groups, and contacts, and even write on their behalf. WhatsApp now adds a built-in warning during device linking. If a request looks suspicious, for example from a device in a different geographic location, the process stops and a prominent alert explains what the new device would be able to do, such as reading chats and sending messages, so the user can cancel before damage is done.
The second layer is designed to slow down conversations with unknown numbers. When a user opens a chat with a number they have never spoken to before, WhatsApp will show a pre-chat information screen. It reveals the country where the number is registered, whether the number is saved in the user’s contacts, and whether they share any groups. The idea is to create a “trust pause” that can expose warning signs, especially a foreign country code, before the first message is sent.
Security experts at WABetaInfo caution that the protections are not foolproof. If a scammer has already made it into the user’s contacts, the warning may not appear. They recommend enabling two-step verification immediately in the app settings, which adds a personal PIN as a final safeguard. They also stress that users should never enter verification codes or scan QR codes at someone else’s request, and should verify suspicious requests by calling the person directly.
