WhatsApp is an integral part of our lives by now and most of us spend at least an hour on this platform. WhatsApp has become a straightforward way of fraudsters distributing scam messages through various means in the hopes that vulnerable users will fall victim to an online scam. As a result of the platform becoming so accessible and widely used, WhatsApp cybercrime is rising, costing each victim thousands of rupees on an average.
The types of WhatsApp scams
Several types of WhatsApp scams are circulating, with the list set to grow as scams become more sophisticated. Look at some of the most common types of scams below.
Voicemail hacking
Cybercriminals gaining access to a user’s WhatsApp account by breaking into their voicemail box to obtain their verification code is common practice. When you first install WhatsApp, it verifies the account by sending a text method with a six-digit code. A cybercriminal can set up WhatsApp on their own device using stolen account details.
Re-frauding contacts is often straightforward for the criminal as they have contact names, profile pictures, and more. When it comes to WhatsApp sending the code by text, they select an option saying they never received the code prompting verification by phone. The fraudster knows WhatsApp will call the victim’s phone immediately and calls the victim simultaneously, so the call goes to voicemail. A voicemail is left in the victim’s inbox, and generally, for the hacker, the victim fails to change the default pin used to protect the inbox (usually something like 0000 or 1111). The hacker obtains the WhatsApp verification code and takes control of the account.
WhatsApp hijacking
Hijacking is a common method of gaining control of an unsuspecting user’s WhatsApp account to commit fraud. Hijacking consists of a cybercriminal obtaining the first user’s phone number. They install WhatsApp on their own device and then contacts the victim stating they are a friend and at the same time requests a verification code for the victim’s account. They message the victim simultaneously, saying the code was sent by accident to obtain the verification code and gain access to the victim’s account.
Impersonation scams
This type of scam usually involves the scammer pretending to be a friend, family member, or acquaintance, contacting a user from an unknown number (although the profile picture may be familiar), and immediately asking for money as a matter of urgency. The fraudster may entice the recipient with photos they’ve found of a friend on social media or may refer to events that the user has posted about on sites like Facebook.
News from Times of India dated 15th July 2022
Malicious links
External links are a simple scam method for fraudsters, enabling mass distribution of a URL that leads to the recipient being directed to a browser to complete a survey promising a freebie. The user completes the survey and parts with sensitive details such as their name, address, email address, and bank details. The fraudster can use these details for identity theft or sell on to third parties.
It is disheartening to see that even educated friends and relatives can fall into such traps. I got this last week from our trekking group:
Compromised apps
Although there are no current unofficial WhatsApp versions on the iOS AppStore or the Android PlayStore, there have been reports in the past confirming malware hidden in apps that were available for download. Once a user downloaded the compromised app, messages were propagated, sending links to the download page to other WhatsApp users to further spread the malware.
Many times, your friends may forward APK files claiming that those files allow you to use premium paid apps OR watch Netflix content for free. Such apps can come loaded with malware that can steal information from your mobile phones. Believe me such pirated apps are absolutely not worth the risk you take in this digital age.
How to recognize a WhatsApp scam
Although I have listed some of the most common examples of WhatsApp scams, that’s not to say new scams won’t arise. To ensure you don’t fall into the trap of such a scam, there are a few signs to familiarize yourself with to help you recognize a scam:
So long as the scammer hasn’t hijacked somebody’s WhatsApp account, scam messages will come from an unknown number.
Fraudsters contacting you from an unknown number may tell you they are a friend (in your contacts) and they’ve changed numbers.
Scam messages are often written in poor English and consist of several spelling and grammar errors.
There’s usually a sense of urgency with the message, such as an “act now” type of text to get you to part with sensitive details or pay a fee before it’s too late.
Messages may start friendly, but the conversation may quickly revert to discussing money.
The scammer may ask you to transfer money using a method like PayPal that doesn’t require bank account details.
They do not answer your calls if you try to contact them.
How to avoid WhatsApp scams
Familiarizing yourself with the types of WhatsApp scams and knowing how to identify them is helpful, but it’s more beneficial if you can prevent these scams altogether. Check out the best practices below to give yourself a fighting chance at preventing WhatsApp scams:
If you receive a message from a number saying it’s from PayPal, for example, long-press the included link and analyze the URL to see if the web address matches the official PayPal website.
Messages from unknown numbers asking for money are usually malicious. We’d recommend confirming with your friend via another communication method before acting.
Try calling the number of a contact you don’t recognize, and if nobody answers the call, send an SMS to your friend’s old number asking if it’s them contacting you.
You can add a pin code to your voicemail service, which will insert a barrier between you and a fraudster, preventing them from retrieving WhatsApp verification codes from your voicemail.
Activate WhatsApp 2-step verification. Once enabled, WhatsApp will send a verification code to your default device when someone tries to log in from another device.
Take a closer look at the language used in the messages you receive, asking yourself whether this unknown contact sounds familiar and whether their spelling and grammar are off compared to normal.
If someone states they are from your bank or mobile phone provider stating that urgent payment is required, take a step back and consider the message’s legitimacy and how much difference a day or two could make by not paying.
Send a reply to the scammer asking something only your contact would know (like their pet’s age). If they don’t reply, you have an idea that it’s a scam.
Got a request for a verification code via WhatsApp? Before you check your inbox (or another verification method) and hand over the code, consider if it’s a code you personally requested.
How to report a WhatsApp scam
If you believe you may have been a victim of a WhatsApp scam, you can report it to them by following these steps:
Android: open WhatsApp, hit More Options, and head to Settings>Help>Contact Us to submit a scam report.
iOS: Open WhatsApp, tap Settings>Help>Contact Us.
How to report a suspicious phone number
WhatsApp takes concerns over suspicious contact numbers seriously. You can report questionable numbers to WhatsApp by following these steps:
Open the chat relating to the suspicious contact.
Open the chat details to find the number, group, or contact name to find their account information.
Scroll to the bottom of this section and select Report Contact or Report Group.