Warning for South Africans who use WhatsApp

WhatsApp fraud is on the rise, putting South Africans at increasing risk of account takeovers and impersonation scams.

For many South Africans, WhatsApp is an essential part of everyday life, used for everything from talking to family and friends to sending important documents, receiving bank notifications and communicating with colleagues.

Nedbank explained that users often lose access to the app or, worse yet, find that someone is pretending to be them and messaging their contacts.

“It happens more often than you’d think, and it can be a pain to sort out,” the bank said. “The good news is that you don’t have to be a tech expert to protect yourself.”

“WhatsApp has built-in features that make it a lot harder for hackers to slip in – provided you remember to turn them on. Here’s how you can deadbolt your account.”

One of the simplest ways users can protect themselves is to enable two-factor authentication, which is available in WhatsApp’s account settings.

“This is the most important step. Create a 6-digit PIN that’s required whenever your number is registered on a new phone. Without it, anyone who gets hold of your SIM card or verification SMS could gain control of your WhatsApp,” Nedbank explained.

Another way users can protect themselves is by adding a recovery email, which lets them reset their PIN so they won’t be locked out of their account if they forget it or get hacked.

“Just make sure that your recovery email is secure too, with its own strong password and two-factor authentication,” Nedbank said.

The bank also cautioned against using weak passcodes such as birthdays, “1111”, or “0000”. Unfortunately, many people still use these types of passcodes.

“Hackers know that. Your device lock is the first barrier, so give them a challenge – use at least 6 digits with no obvious link to personal information like your birthdate,” Nedbank suggested.

“Better yet, use a password that mixes numbers, uppercase and lowercase letters, and special characters – or biometrics like a fingerprint or facial recognition ID.”

Users can also add an extra lock to WhatsApp itself. On most phones, this can be found under the privacy settings, on the “App lock” page.

“That way, even if someone gets hold of your phone, they still can’t get into your chats without your fingerprint or passcode,” the bank said.

Avoiding WhatsApp fraud

Another method users can employ to protect themselves is to encrypt their backups. Messages are already end-to-end encrypted, meaning nobody outside the chat – not even WhatsApp – can read them.

However, Nedbank warned that cloud backups on iCloud or Google Drive can be a weak spot if they aren’t encrypted.

By enabling “End-to-end Encrypted Backup” on WhatsApp and creating a strong password, users ensure that hackers who break into their cloud account will find nothing but scrambled data.

Nedbank also urged users to manage who can add them to group chats, since scammers often mass-add numbers to groups to advertise fake offers or phishing links. Users can control who can add them to groups in WhatsApp’s privacy settings.

Protecting the device itself from malware is just as important as using WhatsApp’s in-app safety features. Users can do this by –

  • Keeping WhatsApp updated
  • Downloading apps from official stores like Google Play or the App Store only
  • Reviewing app permissions regularly to avoid unnecessary access
  • Watching for unusual phone behaviour like overheating, fast battery drain, or high data use, as these could be signs of spyware

“Most successful hacks don’t need complex coding,” the bank cautioned. “All they need to do is trick you with an SMS, email or call.”

Some of the most common WhatsApp scams include the verification code scam, where users get an SMS with a six-digit code.

“Then someone pretending to be a friend or even WhatsApp itself asks you to send that code to them. The moment you do, you’re locked out,” Nedbank warned.

Impersonation scams are also very common and involve fraudsters hacking into someone’s WhatsApp account and posing as the account’s owner.

The fraudsters then message the owner’s contacts, claiming to be in crisis, to trick them into sending money.

“But what’s even worse is that they might send a link from your friend’s chat, which allows them to hack into your WhatsApp if you tap it,” the bank explained.

Finally, Nedbank warned that “too-good-to-be-true offers” are also very common on WhatsApp at the moment.

Fake giveaways or links may try to steal login information, so users should never share their verification code and should double-check links before clicking.

Saving a compromised WhatsApp account

According to Nedbank, there are some red flags which indicate that a WhatsApp account may be compromised. Users can look out for –

  • Replies to messages they didn’t send, or friends asking about messages from them that they didn’t send
  • Messages or chats that were sent or deleted without the user doing so
  • Changes to their profile information
  • Being added to unknown groups
  • WhatsApp saying a user’s account is in use on another device and asking the user to re-register

For users who find that their WhatsApp account has been compromised, Nedbank outlined several steps they can take to reclaim it.

First, they should make sure the SIM card linked to their WhatsApp account is inserted, and open WhatsApp on their smartphone.

Next, they should go to the “linked devices” option under settings, and log out of any linked devices they are not aware of. This will disconnect all additional devices from the account.

If WhatsApp says the user is logged out and needs to register, they should enter their phone number and request a one-time code to log in.

Afterwards, they should enter the one-time code and their two-step verification PIN if they have one.

If the user does not have a two-step verification PIN, but WhatsApp requests it after they enter the one-time code, the hackers may have set a PIN to prevent them from regaining access to their account.

In this case, the user will need to reset their PIN. In the app, they should select “forgot PIN”. If they added a recovery email, they can use the link sent to it to reset the PIN.

However, if the user has no recovery email, they will have to wait seven days to regain access, Nedbank explained.

“WhatsApp is too important to leave unprotected. Your biggest defence is awareness – if something feels dodgy, it probably is,” the bank said.

“At Nedbank, we understand that keeping your digital life safe is part of protecting your financial life as well. We encourage you to take 10 minutes today to lock down your WhatsApp.”
