top of page

Subscribe my newsletter for engineering insights, news, and developments @ The Engineering ApeX 

2024 Alert: Secure Your WhatsApp Against Call Forwarding Hacks

As we step into 2024, it’s crucial for WhatsApp users worldwide to be aware of a prevalent hacking threat: call forwarding scams. This guide outlines how this global issue operates and offers preventive strategies, with a special focus on India where the issue is notably prominent.

Attack Scenario

Regardless of location, the scam typically starts with an attacker persuading you to dial a number with a specific prefix like *67 or 405. This triggers call forwarding, a feature present in telecom services globally, leading to the hacker gaining control of your WhatsApp account within minutes.

What's Happening?

In India, these numbers are common call-forwarding codes for carriers like Jio (405) and Vodafone (67). However, similar codes exist worldwide. Dialing them redirects your calls, including crucial OTPs for WhatsApp verification, to the attacker’s phone. This enables the hacker to access your WhatsApp account.

Understanding Call Forwarding: Call forwarding comes in several forms applicable globally:

  • Always forward: Redirect all calls to another number.

  • Call forward when busy: Forward incoming calls only when you're on another call.

  • Call forward when unanswered: Forward calls if you don't answer.

  • Call forwarding when unreachable: Forward calls when your phone is off or out of coverage.

Service Codes for Cellular Providers:

In India, the mechanism of this scam leverages specific call-forwarding codes used by major telecom operators. For instance, with Reliance Jio, users can set up various types of call forwarding: unconditional forwarding is activated with 401, forwarding when no answer is set with 403, for busy situations, 405 is used, and 409 is for when the phone is not reachable. Similarly, for Airtel and Vodafone-Idea users, the codes differ slightly: always forwarding calls is initiated with 21, forwarding when unanswered with 61, in busy situations, 67 is used, and for not reachable scenarios, the code is 62. Each of these codes, while designed for user convenience, can be manipulated by attackers in the context of this scam.

Note: Similar services exist globally, with varying codes. Users should consult their local provider for specific details.

Steps to Secure Your WhatsApp:

  • Enable 2-Step Verification (2FA): This is a crucial layer of security. By setting up a PIN or password that is required whenever a new device tries to access your WhatsApp account, you significantly reduce the risk of unauthorized access. This PIN is different from the OTP sent to your phone number and adds an additional barrier to attackers.

  • Be Wary of Unsolicited Instructions: Avoid call-forwarding instructions from unknown sources. Scammers often use social engineering tactics to manipulate victims into compromising their own security. If you receive a suspicious request, do not act on it without verifying the source.

  • Regularly Update Your App: Keeping your WhatsApp application updated ensures that you have the latest security patches and features. Developers continually update apps to fix vulnerabilities that could be exploited by hackers.

  • Review Privacy Settings: Take time to understand and configure your WhatsApp privacy settings. You can control who sees your profile information, status updates, and last-seen information. Being proactive about your privacy settings can help safeguard your personal information.

  • Educate Yourself About Phishing Scams: Be aware of phishing attempts where scammers might send links that look legitimate but are designed to steal your personal information. Avoid clicking on links from unknown sources and be cautious about sharing sensitive information.

  • Backup Your Chats Securely: Regularly backing up your chats can help you recover your data in case your account is compromised. However, ensure that your backups are secure. For instance, if you back up to Google Drive, make sure your Google account also has strong security measures in place.

  • Use Secure Networks: Avoid using public Wi-Fi networks for accessing WhatsApp, as these are often less secure and can be a gateway for attackers. If necessary, use a VPN to encrypt your internet connection.

  • Log Out from Linked Devices: WhatsApp lets you link your account to other devices. Make sure to regularly check and log out from any device that you no longer use or recognize.

By following these steps, you can significantly enhance the security of your WhatsApp account and protect yourself from potential cyber threats.

Conclusion: As digital threats continue to evolve, staying informed and vigilant is key to protecting your digital life, especially on popular platforms like WhatsApp. This guide, while focusing on India, is relevant to users worldwide, emphasizing the need for global awareness.


bottom of page