WhatsApp has introduced stricter account-level protections to address the growing risk of phishing, spyware, and impersonation scams. With attackers increasingly targeting users through unknown numbers, malicious attachments, and spoofed calls, securing your account now requires more than basic privacy settings. The platform’s Strict account settings, rolled out in early 2026, are designed to reduce exposure by limiting how unknown users can interact with you.
Scam attempts on WhatsApp have evolved beyond suspicious messages. Attackers now rely on silent malware delivery, fake calls, and tracking links that do not require any action from the user. Strict account settings act as a defensive layer by locking down contact access, media delivery, and visibility by default.
How to enable strict account settings
To activate this protection, make sure WhatsApp is updated to the latest 2026 version and follow these steps:
1. Open Settings in WhatsApp.
2. Go to Privacy.
3. Tap on Advanced.
4. Turn on Strict account settings.
5. Create a unique 6-digit PIN to secure these preferences.
Once enabled, these settings cannot be changed without the PIN, preventing unauthorised changes if your account is compromised.
Core security features explained
Strict account settings automatically apply several protections that earlier required manual configuration.
Attachment filtering
All photos, videos, and documents from unknown numbers are blocked by default. This reduces the risk of zero-click malware that can exploit media previews or background downloads.
Call shielding
Calls from unknown senders are silenced and placed in a separate call log. This prevents voice-based scams and spoofing attempts from interrupting you.
IP address protection
Link previews are disabled entirely. This stops external servers from accessing your IP address when a link is shared in a chat.
Visibility lockdown
Your profile photo, “Last Seen,” and “About” details are restricted to saved contacts only, limiting how much information scammers can use to personalise attacks.
Standard mode vs strict account settings
Under strict account settings, unknown media is always blocked, link previews are disabled, profile details are visible only to contacts, group invites are restricted to contacts, and calls from unknown numbers are silenced automatically. In standard mode, many of these depend on user-defined preferences and remain partially open.
Immediate steps if you suspect a scam
If you believe your account is being targeted, act quickly.
1. Reset two-step verification
Go to Account > Two-step verification and change your PIN.
2. Log out of linked devices
Open Linked Devices and remove any session you do not recognise.
3. Enable passkeys
Switch from SMS-based verification to biometric authentication using fingerprint or face recognition.
Why this matters
Strict account settings reduce the attack surface of your WhatsApp account by default. Instead of reacting after a scam attempt, the system prevents most common attack methods from reaching you at all. For users concerned about privacy, impersonation, or financial fraud, enabling these settings is now one of the most effective ways to stay protected.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
