Tuesday, July 14, 2026Tue, Jul 14
HomeTechWhatsApp Account Hijacking: How the 'Vote for Emma' Scam Drains Your Contacts' Money
Tech · Digital Lifestyle

WhatsApp Account Hijacking: How the 'Vote for Emma' Scam Drains Your Contacts' Money

Malta Police alert: 'Vote for Emma' WhatsApp scam hijacks accounts and drains contacts' money. Learn how to protect yourself with two-step verification.

WhatsApp Account Hijacking: How the 'Vote for Emma' Scam Drains Your Contacts' Money
Smartphone screen showing WhatsApp warning alert about fraudulent messaging and account security

Malta Police have issued a fresh warning about a deceptive WhatsApp scam making rounds across the islands, a fraud that hijacks messaging accounts and turns victims into unwitting accomplices. The scheme, often appearing as a harmless request to "vote for Emma" in an online competition, is designed to steal account access and subsequently drain money from your contacts' bank accounts.

Why This Matters:

Account takeover in seconds: Clicking the link and entering a six-digit code hands total control of your WhatsApp to criminals, exposing your entire contact list, chat history, and group memberships.

Financial fraud spreads fast: Once compromised, scammers use your trusted identity to request urgent money transfers from friends and family.

Enable two-step verification now: This single security setting can block attackers even if they obtain your verification code.

How the Trap Works

The con typically begins innocuously. A message arrives from someone you know—a colleague, relative, or friend—asking you to help a child named Emma, Sonya, or Sofia win an online competition. The pitch often mentions scholarships or Disneyland tickets as prizes and emphasizes that voting closes imminently, creating artificial urgency.

When you click the embedded link, you land on a professional-looking website complete with ballet photos, participant lists, and vote counters. To cast your ballot, the site requests your mobile number. Moments later, WhatsApp sends you a six-digit verification code via SMS. The fake voting portal then prompts you to enter that code to "confirm your vote."

This is the moment the trap snaps shut. That verification code is actually WhatsApp's legitimate device-linking authentication, used when you want to connect WhatsApp Web or Desktop to your account. By typing it into the fraudulent site, you're granting the scammer's device full authorization to mirror your account. They instantly gain access to every conversation, contact, photo, and group chat you've ever participated in.

From Victim to Vector

Once hijacked, your account becomes the scammer's weapon. The criminals replicate the original "vote for Emma" message and send it to everyone in your contact list, exponentially expanding the fraud's reach. But the scheme doesn't stop at account theft.

Attackers leverage the trust embedded in your identity to escalate the con. Your contacts soon receive urgent pleas for financial help—fabricated emergencies, unexpected bills, or stranded-abroad scenarios—all seemingly from you. Because the messages originate from your verified account, friends and family have little reason to doubt their authenticity, making them far more likely to transfer funds immediately.

Many victims only discover their accounts have been compromised when contacts reach out to verify unusual money requests. By then, the damage may already be done, with personal conversations, business communications, and confidential media exposed to criminals.

The Social Engineering Advantage

This attack requires no sophisticated malware or technical hacking prowess. Instead, it exploits a fundamental vulnerability: human psychology. The emotional hook of helping a friend's child, combined with time pressure and the assumed safety of a message from a known contact, overrides critical thinking.

Even digitally savvy individuals have fallen victim. WhatsApp does display a warning when someone attempts to link a new device to your account, but in the rush to complete what appears to be a simple favor, many users dismiss or misunderstand the alert.

The scam has proven remarkably effective across Europe and beyond throughout 2026, with attackers continuously deploying new fraudulent domains and adapting their language to local contexts. The "Vote for Emma" variant is merely one iteration; similar cons have circulated under other names and competition types, all following the same fundamental playbook.

What Malta Residents Should Do

The Malta Police emphasize that prevention starts with skepticism. Never click links in WhatsApp messages requesting votes in online competitions, even when they appear to come from trusted contacts. Their accounts may already be compromised without their knowledge.

If you receive any request for money or sensitive favors via WhatsApp, verify it through a direct phone call using a number you already have saved—not one provided in the suspicious message. Legitimate friends will understand the precaution; scammers will typically make excuses or create additional urgency to discourage verification.

Under no circumstances should you share your WhatsApp verification code with anyone. Legitimate services, competitions, and even WhatsApp itself will never ask for this code. Treat it with the same security you'd afford your banking PIN.

Essential Security Measures

Malta-based cybersecurity advisers recommend activating two-step verification in WhatsApp immediately. This feature requires a six-digit PIN of your choosing whenever your account is verified on a new device, creating a crucial barrier even if attackers obtain your SMS verification code.

To enable it, open WhatsApp Settings, select Account, then Two-Step Verification, and follow the prompts to create your PIN. Memorize this number—don't store it digitally in an easily accessible location.

Regularly review your linked devices by navigating to Settings and selecting Linked Devices. If you spot any unfamiliar connections, disconnect them immediately and change your two-step verification PIN. This simple check can alert you to unauthorized access before significant damage occurs.

Malta Police also urge residents who suspect their accounts have been compromised to act swiftly. Request a new verification code to regain control, contact WhatsApp support directly through the app, and immediately notify your contacts about the breach so they can disregard suspicious messages from your account.

Report the incident to your nearest police station or through the official Malta Police website. While recovering stolen funds can be challenging, timely reporting helps authorities track fraud patterns and potentially identify perpetrators.

The Broader Threat Landscape

The "Vote for Emma" scheme isn't isolated. Similar election-related cons have proliferated in 2026, including fake electoral commission recruitment notices promising temporary positions for voter registration exercises. These typically include links to phishing sites designed to harvest personal information and identity documents.

For any election-related information, voter registration queries, or government job applications, always use official Malta government websites and verified channels. Legitimate agencies will never recruit via unsolicited WhatsApp messages or request verification codes through third-party links.

WhatsApp itself has introduced several defensive features in response to the escalating threat. The platform now offers screen-share warnings when users attempt to share screens with unknown contacts—a tactic scammers use to capture banking credentials during video calls. Context cards provide additional information about unfamiliar numbers, including whether accounts were recently created or registered abroad.

The "Silence Unknown Callers" function automatically screens calls from numbers not in your contacts, reducing interruptions from potential scam operations. While these tools enhance security, they work best when paired with informed user vigilance.

Building Resilience

The persistence of schemes like "Vote for Emma" underscores a fundamental challenge in digital security: technology alone cannot fully protect users from well-crafted social engineering. The most effective defense combines platform safeguards with educated skepticism.

Before responding to any message requesting action—whether voting, clicking, or transferring money—pause and evaluate whether the request makes sense. Does your contact typically ask for this type of favor? Is the urgency justified? Would they mind if you verified directly?

These simple questions create mental friction that disrupts the scammer's reliance on impulsive reactions. In a digital environment where fraudsters constantly adapt their methods, cultivating this habit of critical evaluation offers the most durable protection for Malta residents and their social networks.

Author

David Vella

Business & Tech Editor

Writes about Malta's financial services sector, iGaming industry, and emerging tech scene. Enjoys breaking down complex regulatory and economic topics into clear, useful reporting.