Here’s a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them.
With more than two billion users, WhatsApp offers a vast pool of potential targets for scammers. To make things more complicated, fraudsters aren’t known for resting on their laurels – instead, they’re learning new and sophisticated social engineering skills to entrap us in their trickery.
The app is used by so many people of different ages and backgrounds and in such diverse contexts that staying alert for dangers becomes increasingly important. And because anyone who knows your phone number can send you a message on WhatsApp, it is also easy for scammers to reach their targets.
Indeed, in December 2022, it was revealed that a database with over 500 million WhatsApp accounts had been posted for sale on the dark web. For a few thousand dollars, scammers can access information about endless numbers of actual, active WhatsApp users. What’s worse, taking control of just one account might have an unexpected snowball effect.
So, are you at risk?
To put it bluntly, all WhatsApp users are at risk of being scammed. The fraudsters aren’t often looking for specific users – it is mostly a case of trial and error. Typically, they’ll use their strategies against a number of people, hoping to lure some of them. And too often, they do succeed: authorities all over the world have received reports of fraud on the order of millions of dollars.
Let’s now review a few fraudulent schemes that prey on WhatsApp users.
1. Smishing and verification codes
Your phone “beeps”: you’ve just received a text message with an unsolicited authentication code that claims to be from Microsoft, Google, or even WhatsApp. You ignore it, but then a second “beep beep” calls your attention to an incoming WhatsApp message from one of your contacts. The story is weird, but it seems urgent – they really need that code you received earlier. Apparently, it was sent to you by mistake.
A similar scenario can unfold when someone you don’t know claims they’ve “mistaken some digits of their number.” The goal of the scammer is to access an online account of yours that requires an SMS code for authentication. If you happen to give it, they will steal your information or even impersonate you.
2. “Hi mom!” impersonation scams
If you are a parent, you may not question a message from your kid asking you for a money transfer to pay some urgent bill – even if the message is coming from an unknown number. “Hi mom, this is my new number,” it starts.
The impostor will go the extra mile on this scam, happily taking time to build trust and use general answers that pretty much fit anyone. Before you know it, you’ve transferred an amount of money you will never see again.
Other people around you, including other family members, might be victims of the same scammer. So let them know this is happening and don’t be shy about it.
3. Surveys, packages and lotteries – they’re all fake
Instead of a money transfer, you might also be deceived into handing over your personal information. While it might seem less troubling than losing money right away, it might actually be much worse in the long run.
Some legitimate services do offer customer support through WhatsApp. So it may not seem strange if you’re contacted, for example, by your bank alerting you of a “scam affecting customers” and requesting immediate action: fill out a form to prove that your personal data is correct. Oh, and that might include your banking credentials!
Another easy way to steal your info is by sending fake DHL or UPS texts requesting you to take a survey to confirm your delivery details (and maybe pay some missing fee). Even if you weren’t expecting anything to arrive, you might do it just in case someone sent you something unexpectedly.
For special events such as Christmas and Black Friday, when companies tend to make special offers, scammers create fake campaigns that mimic real ones. Some attention to detail, such as bad grammar or weird links, can be enough to detect the difference. But the eagerness to win big or grab an unbelievable bargain can override the red flags.
What’s more, these kinds of scams tend to be quite aggressive. Masquerading as publicity, they engage your curiosity. You click and share your personal details and contacts – and then the game is up. Some of these links might also spread various types of malware.
Many of us don’t believe we would ever be fooled into giving out this information through a messaging app. But it happens to thousands of people every year, as frauds become more sophisticated and deceitful – even faking empathy by creating a kind of bond between the victim and the scammer.
4. Charity scams – “$10 is enough to help”
Supporting a charity or cause, when we have the means, is a noble thing to do. But in times of crisis, it is quite likely that scammers will take advantage of good intentions. Scammers have no shame and will use all kinds of imagery and messaging to get you to donate to “a good cause”. These scams often involve fake websites and spread through WhatsApp and other messaging and social media apps and may even gain extra momentum when they’re shared by people who want to spread the word and help.
The fraudsters often use emotional tactics, such as claiming to help victims of natural disasters or illness, to trick people into giving money. In some cases, they may even use the name of a legitimate charity to gain people’s trust. However, the donations never reach the intended recipients.
To avoid falling for a charity scam, it is important to do thorough research on the organization before making any donations and to be wary of unsolicited requests, especially if they come from unfamiliar numbers. It is always best to directly contact the charity and verify the legitimacy of the request.
4. Catfishing – “I love you!”
You matched on a dating app, and after a few messages, you exchanged numbers and took the conversation to WhatsApp. Days have passed, and you know you won’t be meeting soon. You’re in different cities, maybe even different countries. Maybe the other person is working or even serving in the military somewhere far from home. Somehow all questions and doubts start vanishing as the conversation becomes more personal and intimate.
The trouble is, chances are super-high that it’s all a romance scam. In scenarios like this one, the scammer will take advantage of your hopes, leading you to trust them until they ask for a favor, accompanied by a meticulously cooked-up sob story about them badly needing money in order to help their relative or get out of trouble.
Needless to say, you’re parted from your money – most likely forever. What’s worse, many victims of romance scams are unwittingly recruited to become money mules in order to launder money obtained in illicit activities.
Social media and messaging platforms remain rewarding hunting grounds for dating fraud. Of all kinds of scams, romance scams can be particularly nefarious and damaging: they manipulate the victim’s feelings of trust, love, emotional connection, along with a profound desire for a romantic relationship and to help “no matter what.”
How can we protect ourselves?
There’s a golden rule: assume that there’s always a chance that a stranger messaging you on WhatsApp is a scammer. If possible, just avoid answering strangers who message you out of nowhere.
There are also a few more rules you can keep in mind:
- Avoid sharing your personal information with people you don’t know.
- Do not transfer money without confirming the authenticity of the request. For example, if your child sends you a text asking for money, call them to make sure the request came from them.
- Never share verification codes with anyone. If someone had their code sent to you by mistake, they can request a new code themselves.
- Don’t click on random links or open random attachments. If it looks like a friend sent you something, ask them via other channels if the message was really intended for you. Make sure to also look out for grammar mistakes or weird links (for example, the link goes to a URL that doesn’t match the company name).
- Banks don’t message you on WhatsApp to ask questions. Never give away any of your personal information and login credentials via messaging apps. Visit the bank’s official website, ideally by typing its URL address into the web browser.
- Keep your phone’s operating system and apps updated.
- When doing so, make sure to use the official Google Play Store or Apple’s App Store to update not just WhatsApp but all the apps you use. Don’t fall for random “updates” that you may see online and that promise colorful themes for WhatsApp.
- Just as importantly, use a reputable mobile security solution.
RELATED READING: 10 signs that scammers have you in their sights
by André Lameiras, ESET
One thought on “Common WhatsApp scams and how to avoid them”
I really appreciate the knowledge shared in this article.
The article discusses common scams that fraudsters use on WhatsApp, including smishing and verification codes, impersonation scams, fake surveys, packages and lotteries, charity scams, and romance scams. It warns that all WhatsApp users are at risk of being scammed and offers tips to protect oneself, such as not sharing personal information, not transferring money without verifying requests’ authenticity, and not clicking on random links or attachments. The article also emphasizes the importance of keeping the phone’s operating system and apps updated and using a reputable mobile security solution.