How to Recognize and Avoid Whatsapp Scams

How to Recognize and Avoid Whatsapp Scams

WhatsApp is easily one of the most popular instant messaging apps. Studies estimate that as of 2022, WhatsApp has more than 2 billion users who send an average of 100 billion messages daily. The app is also very popular because there are versions for most of the major operating systems in everyday use, including iOS, Android, Windows, and Mac. 

The app’s popularity and large number of users are advantageous to the average person. Anyone can pick up a smart device to send instant messages, media, and live location to stay better connected with friends, family, and loved ones. However, as with anything so popular, there is the ever-present risk of exploitation and scams.

What Is a WhatsApp Scam?

A WhatsApp scam is a type of fraud where cybercriminals try to get sensitive information or money from an unsuspecting victim by pretending to be a close friend, family member, or acquaintance. While there are several different types of WhatsApp scams, they all involve criminals using a ruse to obtain information they usually would not be able to access. 

Falling for a WhatsApp scam might not be as difficult as you think. Some of these criminals are very experienced and are almost always looking for new ways to scam potential victims who seem to be getting more skilled at avoiding scams. To avoid WhatsApp scams, it’s important to first understand the most common types and how they are used to deceive people. Methods commonly used by scammers include the following:

The Hijack

The WhatsApp Hijack involves taking control of someone’s account and using it to scam another person. The cybercriminal usually finds a way to access the first victim’s phone number and then uses the number to install WhatsApp on a different device. With WhatsApp now installed, the fraudster contacts a second victim who is an acquaintance of the first and spins a story about mistakenly sending a verification code to the second victim’s account. The unsuspecting victim releases the code and loses control of their account.

Impersonation

The impersonation scam is similar to the WhatsApp hijack because the fraudster pretends to be someone else in both cases. The difference here is that instead of hijacking an acquaintance’s WhatsApp, the scammer uses their account or that of a third party to message a victim. They may also find a photo of the person they are impersonating from Instagram or other social media platforms to use as their display picture. After a brief introduction, the scammer asks for money or other sensitive information.

Voicemail Box Hijack

This hack capitalizes on the average person’s use of a simple default PIN like 1111 or 1234. An attacker perpetrating the voicemail hack installs WhatsApp on their device and registers using the victim’s phone number. WhatsApp then sends a verification code to the actual owner as part of its security process. However, the fraudster usually chooses late hours, usually after midnight, when the victim is likely asleep or otherwise inactive and cannot detect the attack. 

After multiple attempts, the fraudster prompts WhatsApp to send the verification code via a voice call, claiming they did not receive a text. Since the victim is inactive, the call goes to voicemail. The hacker then remotely accesses the victim’s voicemail, especially if they use a weak PIN. After obtaining the verification code, the fraudster permanently locks the victim out by setting up 2-factor authentication.

Malicious Links

Scammers also use malicious links to target victims. This method is simple and may not require impersonation. The victim simply receives a message containing details of a survey or an offer with a promised freebie for participation. Unsuspecting victims may then fill the form with sensitive information or unknowingly install a bug or virus by simply clicking the link.

How to Recognize WhatsApp Scams

There are several things to look out for when trying to recognize WhatsApp scams. Although you generally should be wary of anything that doesn’t seem right, here are a few critical signs:

• Strange Numbers: You should think twice about offering any information to an unknown or strange number. If someone texts you claiming to be a loved one or acquaintance, you should try to verify by calling their number or reaching out to someone who can confirm that it’s the same person but with a new number. You should not offer any information or send money without confirming.
• Repeatedly Forwarded Messages: WhatsApp lets you know when you’ve received a forwarded message by adding an arrow and a “Forwarded” stamp. If the message has been forwarded at least five times, the stamp shows 2 arrows and “Forwarded many times.” Although not all forwarded messages are scams, you should double-check anyone who asks for sensitive information or money.
• Wording: In many cases, spam messages may not be well put together. These texts tend to contain a lot of misspellings and grammatical errors. Legitimate requests for information or pleas for money would likely be a lot more carefully worded.
• Rush: Scammers are usually in a hurry because they want to complete the scam before the victim is any wiser. In other cases, they only pretend to be in a rush so that the victim quickly offers the requested information or funds without enough time to think twice about it. The next time you get a weird request, take your time.
• No Phone Calls: WhatsApp fraudsters are also quite notorious for avoiding phone calls. They always find a way to wriggle out of a voice or video call especially when you become suspicious and would like more proof.

How to Avoid WhatsApp Scams

Understanding and recognizing the different types of WhatsApp scams is the first step to avoiding them. However, there are also several tips you can follow that will significantly reduce the chance that you’ll fall victim to a WhatsApp scammer. If you use WhatsApp, consider the following tips:

• Ensure that you change the PIN to your voicemail service from default numbers like “0000” or “1234.” Using a different PIN only available to you will make it difficult for fraudsters to successfully complete the Voicemail Box Hijack.
• If you receive a link from someone, whether a saved contact or a strange number, double-check the URL to ensure that it’s legit. Official links from reputed platforms like PayPal or Cash App are easily verifiable.
• Before sending money or sensitive information, try to contact the person using another means to ensure their WhatsApp hasn’t been compromised. You could call them, send an SMS, or maybe a direct message on Twitter or Instagram.
• Don’t let the person rush you. Fraudsters are likely to ask for urgent help because there’s some medical or financial emergency. No matter how willing you are to help, don’t be in a hurry.
• You could also try calling the person’s “old” number if someone claims to be a loved one or acquaintance but is using a strange number.
• Always use 2-factor authentication. WhatsApp will send you a PIN via SMS whenever someone tries to log in using your phone number. If the scammer does not input this PIN, access to your account would be impossible, especially if they also cannot access your voicemail box.
• Pay attention to the person’s spelling, grammar, and general choice of words. Without realizing it, we sometimes become accustomed to a person’s messaging style, including the kind of words they use, punctuation, slang, and other small bits. If it doesn’t read like the original person, you might be texting a scammer.
• If you’re still unsure, find a way to ask the person a question only they can answer. It could be something specific like where you first met them or the name of their pet. If they fail, they’re most definitely a fraudster.