How to use WhatsApp Web calling safely
WhatsApp Web calling is landing in more browsers, which is great, until you remember how many scams start with “quick, scan this QR” or “read me the code”.
🔴 You might also like to read:
Liz Thorne
WhatsApp Web calling is useful when your phone battery is drained, or you need a laptop mic for work chats, but account takeovers start with pressure and misdirection. Treat any request that tries to pull you from a public channel into a private one as the scam starting gun.
Calls also make fraud easier because a convincing voice can talk you into reading a code, scanning a QR, or approving a “reversal”. Watch for “proof of payment” screenshots and voice notes used as pressure tactics, then verify on a channel you choose.
WhatsApp Web calling, what you need to know first
Voice and video calling in the browser is rolling out, so some people will see call buttons in WhatsApp Web and others will not (yet). If you do not have it, WhatsApp Desktop already supports calling, and the safety rules below still apply because the same account and linked-device setup is necessary.
WhatsApp says voice and video calls are end-to-end encrypted, which means WhatsApp cannot listen to the call content. End-to-end encryption does not protect you from a compromised laptop, someone recording their screen, or you accidentally sharing sensitive stuff on your own display.
Linked devices, QR codes, and session hygiene
WhatsApp Web works by linking your phone to a browser session. Linked devices exist for convenience, and criminals know that convenience is a doorway. WhatsApp allows up to four linked devices, and you can view and remove them from your phone.
If you scan a QR code for WhatsApp Web, you are approving access to your chats on that browser session. If a stranger persuades you to scan a QR “to view a photo”, “join a meeting”, or “confirm your account”, that is an account takeover attempt in progress.
Do this on your phone right now (takes a minute)
Open WhatsApp on your phone → Linked devices → read the list like you are auditing bank transactions. Log out of anything you do not recognise. WhatsApp also says it disconnects linked devices after 30 days of inactivity, which helps, but “helps” is not the same as “safe enough”.
Do this every time you use a shared laptop
Use WhatsApp Web, finish the call, then log out of the session from your phone (Linked devices → tap the device → Log out).
Never assume you will remember later. “Later” is how someone else opens your messages during loadshedding.
Lock the account before the first call
Account protection is boring. That is why it works.
Turn on two-step verification
WhatsApp’s two-step verification adds a PIN that is required when your number gets registered again, and WhatsApp lets you add an email so you can reset the PIN if you forget it.
Set up a passkey on WhatsApp if your phone supports it
WhatsApp supports passkeys on some devices, which ties login to your phone’s biometric or device lock instead of a password.
Watch for WhatsApp’s security prompts
WhatsApp has introduced extra checks, such as Account Protect and Device Verification, to reduce account takeover attempts and suspicious linking. Those prompts are useful only if you take them seriously, and cancel anything you did not start.
End-to-end encryption protects the call content. Your job is to protect the account, the device session, and what is visible on your screen.
Use a clean laptop and browser, not a chaos machine
WhatsApp Web calling can be end-to-end encrypted and still be unsafe on your side.
Use your own device where possible
Public computers, office hot desks, and a friend’s laptop are a risk because you cannot vouch for what is installed, who else has access, or what gets stored.
Update your system software and browser
Security patches matter more than new features. Outdated browsers are a favourite entry point for malware, and malware beats encryption because it watches your screen and keyboard.
Lock your screen and use separate user profiles
A quick screen lock stops a lot of casual snooping. A separate user account on the laptop helps limit what a guest can see later.
Calling safely, scams, and what never to share
The scam pattern is basic: urgency, authority, and a request that makes you do the risky thing.
Never share any WhatsApp registration or verification code
WhatsApp is blunt about this: if you get a verification code you did not request, do not share it with anyone.
Treat “confirm your OTP” requests as hostile
SABRIC warns against sharing confidential info by phone and flags OTP sharing as a major risk point. Standard Bank also states it will never ask you to share your OTP.
Verify on a channel you choose
If someone calls on WhatsApp claiming to be your bank, your network, or “fraud”, end the call. Find the official number yourself and phone back. Pressure is the tactic.
Be strict about screen sharing and what is visible
If WhatsApp Web calling gives you screen sharing, assume it can expose bank tabs, email previews, client docs, and notifications. Share one window, not your full desktop. Close sensitive tabs first. No one worth speaking to needs you to show your banking app on a call.
Use security codes when it matters
WhatsApp explains that if you or your contact uses multiple devices, you may need to verify the security code on all devices. That is extra work, but it is the point of the check.
After the call, close sessions and reduce exposure
Log out of WhatsApp Web when you finish
Linked devices live longer than your memory. Log out of your phone from the Linked devices.
Review linked devices weekly
If you use WhatsApp Web a lot, set a weekly reminder and scan the list. Removing one unknown session early can save you a mess later.
Use WhatsApp’s scam and safety tools
WhatsApp publishes a checklist of safety habits, such as using official versions of the app, enabling extra account security, and learning to spot scams. Use it as a baseline, then layer your own common sense on top.
🔴 You might also like to read:
Liz Thorne
Liz Thorne
Comments ()