With more than two billion users, WhatsApp offers a vast pool of potential targets for scammers. To make things more complicated, fraudsters aren’t known for resting on their laurels – instead, they’re learning new and sophisticated social engineering skills to entrap us in their trickery.
Last year, ESET researchers reported that clone GB WhatsApp, which offers features that are not found in the original application, was found to be part of Android spyware detection in India last year. As the app is not available on the Google Play Store, it poses security risks as the sideloaded file can be modified and contain malware even before download. Without Play Store protection, trojan malware can run easily in the system without noticeable performance changes, making it difficult to detect and remove, often requiring a device reset to remove malicious code.
Whatsapp is used by so many people of different ages and backgrounds and in such diverse contexts that staying alert for dangers becomes increasingly important. And because anyone who knows your phone number can send you a message on WhatsApp, it is also easy for scammers to reach their targets.
Indeed, in December 2022, it was revealed that a database with over 500 million WhatsApp accounts had been posted for sale on the dark web. For a few thousand dollars, scammers can access information about endless numbers of actual, active WhatsApp users. What’s worse, taking control of just one account might have an unexpected snowball effect.
So are we at risk?
To put it bluntly, all WhatsApp users are at risk of being scammed. The fraudsters aren’t often looking for specific users – it is mostly a case of trial and error. Typically, they’ll use their strategies against a number of people, hoping to lure some of them. And too often, they do succeed: authorities all over the world have received reports of fraud on the order of millions of dollars.
Let’s now review a few fraudulent schemes that prey on WhatsApp users.
1. Smishing and verification codes
Your phone “beeps”: you’ve just received a text message with an unsolicited authentication code that claims to be from Microsoft, Google, or even WhatsApp. You ignore it, but then a second “beep beep” calls your attention to an incoming WhatsApp message from one of your contacts. The story is weird, but it seems urgent – they really need that code you received earlier. Apparently, it was sent to you by mistake.
RELATED READING: Hey there! Are you using WhatsApp? Your account may be hackable
A similar scenario can unfold when someone you don’t know claims they’ve “mistaken some digits of their number.” The goal of the scammer is to access an online account of yours that requires an SMS code for authentication. If you happen to give it, they will steal your information or even impersonate you.
2. “Hi mom!” impersonation scams
If you are a parent, you may not question a message from your kid asking you for a money transfer to pay some urgent bill – even if the message is coming from an unknown number. “Hi mom, this is my new number,” it starts.
The impostor will go the extra mile on this scam, happily taking time to build trust and use general answers that pretty much fit anyone. Before you know it, you’ve transferred an amount of money you will never see again.
Other people around you, including other family members, might be victims of the same scammer. So let them know this is happening and don’t be shy about it.
https://twitter.com/whichuk/status/1485338805628334081
3. Surveys, packages and lotteries – they’re all fake
Instead of a money transfer, you might also be deceived into handing over your personal information. While it might seem less troubling than losing money right away, it might actually be much worse in the long run.
Some legitimate services do offer customer support through WhatsApp. So it may not seem strange if you’re contacted, for example, by your bank alerting you of a “scam affecting customers” and requesting immediate action: fill out a form to prove that your personal data is correct. Oh, and that might include your banking credentials!
Another easy way to steal your info is by sending fake DHL or UPS texts requesting you to take a survey to confirm your delivery details (and maybe pay some missing fee). Even if you weren’t expecting anything to arrive, you might do it just in case someone sent you something unexpectedly.
For special events such as Christmas and Black Friday, when companies tend to make special offers, scammers create fake campaigns that mimic real ones. Some attention to detail, such as bad grammar or weird links, can be enough to detect the difference. But the eagerness to win big or grab an unbelievable bargain can override the red flags.
What’s more, these kinds of scams tend to be quite aggressive. Masquerading as publicity, they engage your curiosity. You click and share your personal details and contacts – and then the game is up. Some of these links might also spread various types of malware.
Many of us don’t believe we would ever be fooled into giving out this information through a messaging app. But it happens to thousands of people every year, as frauds become more sophisticated and deceitful – even faking empathy by creating a kind of bond between the victim and the scammer.
4. Charity scams – “$10 is enough to help”
Supporting a charity or cause, when we have the means, is a noble thing to do. But in times of crisis, it is quite likely that scammers will take advantage of good intentions. Scammers have no shame and will use all kinds of imagery and messaging to get you to donate to “a good cause”. These scams often involve fake websites and spread through WhatsApp and other messaging and social media apps and may even gain extra momentum when they’re shared by people who want to spread the word and help.
The fraudsters often use emotional tactics, such as claiming to help victims of natural disasters or illness, to trick people into giving money. In some cases, they may even use the name of a legitimate charity to gain people’s trust. However, the donations never reach the intended recipients.
To avoid falling for a charity scam, it is important to do thorough research on the organization before making any donations and to be wary of unsolicited requests, especially if they come from unfamiliar numbers. It is always best to directly contact the charity and verify the legitimacy of the request.
5. Catfishing – “I love you!”
You matched on a dating app, and after a few messages, you exchanged numbers and took the conversation to WhatsApp. Days have passed, and you know you won’t be meeting soon. You’re in different cities, maybe even different countries. Maybe the other person is working or even serving in the military somewhere far from home. Somehow all questions and doubts start vanishing as the conversation becomes more personal and intimate.
The trouble is, chances are super-high that it’s all a romance scam. In scenarios like this one, the scammer will take advantage of your hopes, leading you to trust them until they ask for a favor, accompanied by a meticulously cooked-up sob story about them badly needing money in order to help their relative or get out of trouble.
Needless to say, you’re parted from your money – most likely forever. What’s worse, many victims of romance scams are unwittingly recruited to become money mules in order to launder money obtained in illicit activities.
Social media and messaging platforms remain rewarding hunting grounds for dating fraud. Of all kinds of scams, romance scams can be particularly nefarious and damaging: they manipulate the victim’s feelings of trust, love, emotional connection, along with a profound desire for a romantic relationship and to help “no matter what.”
How can we protect ourselves?
There’s a golden rule: assume that there’s always a chance that a stranger writing you on WhatsApp is a scammer. If possible, just avoid answering strangers who message you out of nowhere.
But there are also a few other small rules you can keep in mind:
- Avoid sharing personal information with people you don’t know.
- Do not transfer money without confirming the authenticity of the request. For example, if your kid sends you a text asking for money, call them and listen to their voice.
- Never share verification codes with anyone. If someone had their code sent to you by mistake, they can request a new code themselves.
- Don’t open random links. If a friend sends something, ask what it is and if it’s intended for you. If curiosity gets the better of you, look out for grammar mistakes or weird links (for example, the link goes to a URL that doesn’t match the company name).
- Banks don’t write you on WhatsApp asking questions. And if you do think your bank might be contacting you, let them know you are not giving away any of your personal information and credentials on messaging apps, only through their official website.
Bonus tip: Don’t fall for random “updates” that you may see online and that promise colorful themes for WhatsApp. Instead, always use the official Google Play Store or Apple’s App Store to update not just WhatsApp but all the apps you use.