Urgent Warning: Econet Users Targeted in New WhatsApp Hijacking Scam
A new wave of digital security threats is hitting Zimbabwe, with many Econet Wireless subscribers reporting that their WhatsApp accounts are being taken over by hackers—sometimes without even sharing an One-Time Password (OTP).
If you use WhatsApp on an Econet line, you need to act immediately to secure your account. Here is what is happening and how to protect yourself.
The Scam: How it Works Traditionally, hackers need you to "accidentally" share a 6-digit code sent via SMS to gain access to your account. However, recent reports suggest a more sophisticated approach.
Hackers are allegedly finding ways to intercept these OTPs or using "SIM swap" vulnerabilities to bypass the user entirely. Once they have control of your WhatsApp, they often message your contacts pretending to be you, usually asking for emergency money via EcoCash.
How to Lock Down Your Account (Step-by-Step) The single most effective way to stop a hacker in their tracks is to enable Two-Step Verification (2FA). Even if someone steals your SMS code, they cannot log in without a secondary PIN that only you know.
Follow these steps right now:
Open WhatsApp: Go to Settings.
Account: Tap on Two-step verification.
Turn On: Tap Enable or Turn On.
Create a PIN: Choose a 6-digit code that you will remember. Do not use "123456" or your birthday.
Add an Email: WhatsApp will ask for an email address. Do not skip this step. This is your only way to reset your account if you forget your PIN.
Safety Tips for Every Zimbabwean Motorist and Mobile User Never Share Your PIN: No one from Econet, ZAPU, or WhatsApp will ever ask for your 2FA PIN or an SMS code.
Verify Identity: If a friend or relative messages you on WhatsApp asking for money or an "OTP they sent to you by mistake," call them directly on a normal voice call to verify it is actually them.
Link Your Email: As shown in recent viral warnings, adding and verifying your email address in WhatsApp settings adds an extra layer of protection that hackers find nearly impossible to crack.
What to Do if You Are Hacked If you find yourself logged out of your account and unable to get back in:
Notify your contacts immediately: Use SMS or a phone call to tell people your WhatsApp has been compromised so they don't send money to scammers.
Re-register: Try to log back into WhatsApp with your phone number and verify via SMS. If the hacker has enabled 2FA, you may have to wait 7 days to access the account without the PIN.
Please share this guide with your parents and loved ones. Many older users are being targeted because they may not be aware of these security settings.