Like many smartphone users, you probably find WhatsApp very useful. It's a secure channel for family chats, banking notifications, voice notes from colleagues, and even the odd document. Now imagine losing access to the app – or worse: someone pretending to be you and messaging your contacts. It happens more often than you'd think, and it can be a pain to sort out.

The good news is that you don't have to be a tech expert to protect yourself. WhatsApp has built-in features that make it a lot harder for hackers to slip in – provided you remember to turn them on. Here's how you can deadbolt your account.

Switch on 2-factor authentication

This is the most important step. Create a 6-digit PIN that's required whenever your number is registered on a new phone. Without it, anyone who gets hold of your SIM card or verification SMS could gain control of your WhatsApp.

To switch on 2-factor authentication, go to Settings > Account > Two-step verification > Toggle on

Add a recovery email

This helps you reset your PIN, so if you ever forget it or get hacked, you won't be locked out. Just make sure that your recovery email is secure too, with its own strong password and 2-factor authentication.

To set your recovery email, go to Settings > Account > Email address

Use strong passwords and recovery codes

A lot of us still use weak passcodes like 1111, 0000 or our birthdays. Hackers know that. Your device lock is the first barrier, so give them a challenge: use at least 6 digits with no obvious link to your personal information (like your birthdate). Bettter yet, use a password that mixes numbers, uppercase and lowercase letters, and special characters – or biometrics like a fingerprint or facial recognition ID.

You can also add an extra lock to WhatsApp itself. On most phones, it’s under Settings > Privacy > App lock. That way, even if someone gets hold of your phone, they still can't get into your chats without your fingerprint or passcode.

Encrypt your backups

Your messages are already end-to-end encrypted, meaning nobody (not even WhatsApp) can read them. But your cloud backup on iCloud or Google Drive can be a weak spot if it isn't encrypted.

In WhatsApp, go to Settings > Chats > Chat backup > End-to-end Encrypted Backup. Switch it on and create a strong password. If someone ever hacks your cloud account, they'll find nothing but scrambled data.

Manage who can add you to group chats 

Scammers often mass-add numbers to groups to advertise fake offers or phishing links. 

To control who can add you to groups, go to Settings > Privacy > Groups

Don't fall for scams

Most successful hacks don't need complex coding. All they need to do is trick you with an SMS, email or call. Some of the most common WhatsApp scams include:

• The verification code scam
  You get an SMS with a 6-digit code, then someone pretending to be a friend or even WhatsApp itself asks you to send that code to them. The moment you do, you're locked out.
  
  
• Impersonation scams
  A friend's WhatsApp gets hacked, and it’s bad enough if the hackers send a message posing as your friend, claiming they're in a crisis, to trick you into sending them money. But what’s even worse is that they might send a link from your friend’s chat, which allows them to hack into your WhatsApp if you tap it.
  
  
• Too-good-to-be-true offers
  Fake giveaways or links could try to steal your login info.

Never share your verification code and double-check before clicking links.

Protect your device from malware

• Keep WhatsApp updated.
• Download apps from official stores like Google Play or the App Store only.
• Review app permissions regularly to avoid unnecessary access.
• Watch for unusual phone behaviour – for example, overheating, fast battery drain, or high data use. These could be signs of spyware.

Signs your WhatsApp may be compromised

Watch out for these red flags:

• Replies to messages you didn't send, or friends asking about messages from you that you didn't send.
• Deleted messages or chats that you didn't delete or send.
• Changes to your profile information.
• Being added to unknown groups.
• WhatsApp telling you your account is in use on another device and asking you to reregister.

Reclaim your account

• Make sure the SIM card linked to your WhatsApp account is inserted, and open WhatsApp on your smartphone.
• Go to Settings > Linked devices
• If there are linked devices that you are not aware of, tap Log out. This will disconnect all additional devices from your account.

If the messenger tells you that you're logged out and need to register:

• Enter your phone number and request a one-time code to log in.
• Enter the one-time code and your 2-step verification PIN if you had one.

If you don't have a 2-step verification PIN, but WhatsApp requests it after you enter the 1-time code, the hackers may have set a PIN to prevent you from regaining access to your account. You will need to reset your PIN.

Reset your PIN 

• Tap Forgot PIN
• If you added a recovery email, use the link to reset it.
• If you have no recovery email, you'll have to wait 7 days to regain access.

Secure your privacy

WhatsApp is too important to leave unprotected. Your biggest defence is awareness: if something feels dodgy, it probably is.

At Nedbank, we understand that keeping your digital life safe is part of protecting your financial life as well. We encourage you to take 10 minutes today to lock down your WhatsApp.