A worrying new WhatsApp hack can also give cybercriminals access to your account.
Fraudsters try to gain access to a user account by using low-security voicemail mailboxes, according to Naked Security, a blog from UK security firm Sophos.
The attacks became so widespread that Israel's National Cyber Security Authority unleashed a nationwide warning.
To begin, attackers attempt to install the WhatsApp app with a legitimate phone number of the user on their own phone.
WhatsApp tries to verify the login attempt by sending a six-digit verification code via SMS to the victim's phone.
Hackers try to do this if the victim (eg at night) does not check the phone.
WhatsApp then gives users the ability to send the six-digit code by call with an automated message.
Since the user does not check the phone, ideally the message is sent to the voicemail.
The cheater then exploits a vulnerability in many telecommunications networks that provides customers with a generic telephone number for calling and retrieving their voicemails.
For many voicemails, users only need to enter a four-digit PIN. If it has not been changed, it is usually a simple password. For example, 0000 or 1234 by default.
Hackers enter the password and gain access to the victim's voicemail inbox so they can listen to the recorded message from WhatsApp, which contains the six-digit code.
You enter this code into your own device, giving you complete access to the victim's WhatsApp account.