Being able to identify common causes of WhatsApp scamming will help you stay safe and ensure you aren’t duped by the con artists lurking around on the platform.
Family Member Impersonation Scams on WhatsApp
Who do people trust the most? Often it’s their family members – which is why an increasing number of WhatsApp scams involve malicious actors impersonating victims’ nearest and dearest.
A much-seen iteration of this scam is commonly known as the ‘Hi Mom, Hi Dad” scam, and involves the threat actor pretending to be a parent’s child with a new phone number.
Then, the scammer uses social engineering techniques – such as claiming their online bank account isn’t working, or that they’ve lost files and pictures – to extort money and/or personal information out of the unsuspecting victim (Image credit: Mosman Collective).
Jennifer Mcllveen, Editor of Tech.co, learned her grandfather recently fell victim to this kind of WhatsApp scam, after receiving the following message: “Hi dad, my other phone crashed so hence the new temporary number. Message me if you read this ❤️️”
“My family was on vacation at the time the scammer sent the message, so it seemed more plausible to my grandpa that his son (my dad) would be using a temporary number,” she explained.
“The impersonator went on to ask my grandpa to make some payments for them, claiming they needed the money that day and promising to pay him right back. By the time my grandfather realized something was wrong, he’d already sent over $2,800.”
Other people have had similar experiences with WhatsApp messages purporting to be from family members. One member of the public that contacted Tech.co by email said they’d received a convincing message from a scammer pretending to be their cousin, and that the scammer was even using their profile picture.
Similarly, the scammer then asked to be lent money, which immediately aroused suspicion. Luckily, in this case, the scammer was thwarted.
How Do I Protect Myself? If you’ve been messaged by a family member claiming to have a new number, message their old number to confirm it is in fact them. Do not click on any links sent from the new number until you have confirmed it is a family member.
Wrong Number Scams on WhatsApp
WhatsApp wrong number scams have been around for a while and often involve more subtle long-winded social engineering techniques.
They typically start with a message from an unknown number, introduce themselves or their business, and then claim that they entered the wrong number to explain their message (Image Credit: IBT Times India)
However, far from closing the conversation there, scammers will then ask you if you’d like to invest in their business. They may ask for your name and where in the world you’re based.
How Do I Protect Myself? As a general rule, if you’re contacted by a number you don’t recognize on WhatsApp, do not reply, and certainly do not give out any personal information. No legitimate business will be looking for investors in off-the-cuff WhatsApp conversations.
WhatsApp Call Forwarding Scams
Call forwarding scams hit the headlines towards the end of 2022, but are undoubtedly still being used as a way to take control of a victim’s WhatsApp account.
In a call forwarding scam, a victim will get a call from a scammer, who will try to convince them to ring a number. Unbeknownst to the victim, this is a call forwarding service request line, and it means that all calls to their number will now be directed to the scammer’s phone.
The scammer will then go through the WhatsApp setup process with the victim’s phone number, and ask for a one-time password (OTP) to be sent via phone call. As calls have been forwarded to the scammer’s phone, they can now take over the victim’s WhatsApp account.
How Do I Protect Myself? Be very wary of calls from unknown numbers on WhatsApp, especially if they don’t follow the traditional mobile/landline format used in your country. In reality, however, all unknown numbers should be treated with suspicion.
If they’re calling you on WhatsApp and you think it might be legitimate, you can always message the number to investigate – as long as you’re vigilant and don’t give away any personal information or click on any links.
“Complete This Survey” WhatsApp Scams
Last year, Kaspersky warned WhatsApp users about a scam message being circulated on the app that asked users to complete a short survey about their experience on WhatsApp.
Users were also asked to pay a small amount of money in order to receive the cash prize for the survey. Another, similar WhatsApp survey scam offering free Amazon gifts upon completion, such as Huawei phones, made the news in 2022 (Image Credit: Hindustan Times).
How Do I Protect Myself? Think logically. What kind of competition needs you to pay money in order to receive money? A fake one, that’s what.
WhatsApp Romance Scams
Although romance scams often start on dating apps like Tinder, dating apps are also the most attuned to hunting down and banning accounts trying to extort people. Furthermore, on almost all dating apps, you can block and report accounts if you think they’re acting suspiciously.
However, this means scammers often attempt to quickly move to WhatsApp or other social media platforms to continue their social engineering, and eventually extort large amounts of cash out of lovesick victims (Image Credit: New York Times).
Other romance scams spotted in the last year involved WhatsApp users being invited to a group for strangers seeking romantic relationships, only to be redirected via the link to a fake Facebook login page that stole the details of anyone that filled in the credential fields.
How do I Protect Myself? Never enter any account credentials into a link sent to you by an unverified number, especially for a major site. In the above case, you’d be able to find the Facebook group via your Facebook app or the website.
Learn how to spot Facebook and Facebook marketplace scams here.
WhatsApp Job Offer Scams
Lucrative – but ultimately fake – job offers are becoming a common way to lure in victims, with promises of high salaries and payouts often included to coax victims into applying.
Once the victim is hooked, scammers using this method typically try, through a variety of means, to get them to pay upfront for something, while continually promising payment for their work (Image credit: Reddit user meizymango):
One user commenting in the Reddit thread says that after accepting the test task, they were redirected to another messaging app, Telegram, and asked to pay a sum of money.
How Do I Protect Myself? Jobs are hard to come by – especially ones where you’ll be working with celebrity social media accounts. If you haven’t applied for one of these roles and you’re getting a generic WhatsApp message about it, it’s probably too good to be true. Never apply for a job like this without verifying the company and the representative first. No genuine job will ask you to pay upfront at any stage of the application process.
Also, in the example note the repeated claims that the target will be paid “instantly”, as well as the poor spelling and grammar. These are classic signs of a scam and any message that includes wild promises of immediate payment is not to be trusted.
WhatsApp Bank Scams
This year, there has been at least one report of scammers impersonating banks on WhatsApp – another institution people often trust.
One version of this con was reported on TikTok by US-based English teacher Amanda Seimitz in May of last year. It involved a scammer contacting her on WhatsApp purporting to be from her bank. The malicious actor claimed she had to update her banking details in order to pay outstanding bills and send/receive payments.
How do I Protect Myself? Nowadays, the vast majority of banks send you some information to prove to you that they hold your personal information, so first, check for that. Secondly, your bank will have a customer support line – if you’re worried whether a message is in fact from your bank, just start an independent channel of communication.
WhatsApp Two-Factor Authentication Scams
There have been some cases of scammers attempting to bypass WhatsApp’s two-factor authentication (2FA) system in order to take control of user accounts.
Scammers do this by first making a login attempt, which triggers a notification being sent to the victim’s phone, notifying them that someone is trying to log in.
Then, they message the target requesting the 2FA code, claiming they sent it to them by mistake, and are likely hoping that they don’t see or receive the login attempt notification. Here’s an example (Image Credit: Reddit user nitrous642):
If a scammer is successful, they could easily impersonate the victim and commit even more scams, such as extracting money from family members. Requests for money would look significantly less suspicious coming from a target’s actual phone number.
How do I Protect Myself? Of course, using 2FA where you can is always advised, including on WhatsApp. However, you should never, ever give your 2FA code to anyone. If an individual is requesting you send it to them, they’re attempting to take control of your account. There’s no other reason they’d need this.
WhatsApp Crypto Scams
A particular problem over the last year in India, WhatsApp groups full of Bitcoin “analysts” promising near-to 100% returns on investments have been popping up regularly.
Names and other details were not revealed, nor were company details or website addresses, and no one consented to be added to these groups – three signs there’s something shady going on (Image Credit: Inc42).
“Cheerleaders” were present in the group, seemingly used to confirm the claims made by analysts – however, it’s likely they’re just part of the scam too.
However, this problem isn’t just confined to India. Tech.co’s Isobel O’Sullivan recently received a WhatsApp crypto scam claiming that punters could make “between £1000 and £5000 dollars a day”:
How do I Protect Myself? Don’t be swayed by multiple people “confirming” that a method of money-making does in fact work. Not all scammers work alone.
WhatsApp Gold Scams
The WhatsApp Gold scam has been around for a little while, dating back to 2017, and preys upon peoples fear of missing out. It is best known as a Facebook post which claims that a video from WhatsApp, called Martinelli, is about to be released, and will cause your WhatsApp account to be breached if opened.
To avoid this, the scam post urges uses to download WhatsApp Gold. There’s an issue with this – WhatsApp Gold doesn’t exist. Follow the download link, and you’ll open yourself up to malicious malware and viruses, and risk having you data stolen.
How do I Protect Myself? Never download updates or ‘newer versions’ of WhatsApp from anywhere except the Apple App store or Google Play store.
WhatsApp Ecommerce Scams
Sometimes, scammers go back to basics. Instead of orchestrating an elaborate romance scam or pretending to be someone’s family member, they simply try to con people looking to purchase items on ecommerce platforms, shifting the conversations over to WhatsApp and scamming them there.
A verified reviewer on pissedconsumer.com that goes by the name of “Christian S Vce” reports that he was “trying to buy something online alibaba.com” when a scammer “tricked me off the platform [and] contacted me on WhatsApp making all these promises that they were a legitimate company, but now that they’ve got my money they running and not responding anymore.”
How do I Protect Myself? If you’re looking to purchase an item online, always make your purchase through legitimate websites that verify sellers and use protected payment methods. Most major ecommerce websites and platforms now do this. Treat any efforts to persuade you to make the payment another way with extreme caution – avoid sending money directly to bank accounts, especially for expensive purchases.
“You’ve Won Something” WhatsApp Scams
This is a sub-genre of phishing scam that is becoming more prevalent on WhatsApp and is a classic method of duping people into clicking on malicious links over text or email.
Often, the link posted as part of the message will track very closely to a legitimate website name, but will have some telltale signs, such as an accented character, like the scam text impersonating UK supermarket ASDA (Image Credit: DG Cars) or a subtle spelling error somewhere in the URL.
How do I Protect Myself? The old mantra “if it’s too good to be true, it probably is” is an excellent principle to live by on the internet. If you really want to check if you genuinely did win something, contact the customer service department of the company or business.
“My Phone has Broken” WhatsApp Scam
Reports of a WhatsApp scam have been circulating as recently as October 2022. It involves threat actors impersonating a family member or friend of a target in a WhatsApp message, and texting them from a “new” number claiming their “phone has broken”. Sometimes, threat actors will say the new number belongs to a friend in an effort to convey trust.
The threat actor will subsequently ask targets to urgently transfer the money to a bank account to pay a bill, a fine, or a similar sort of payment. This is sometimes called “push payment fraud”.
How Do I Protect Myself? If you’re using WhatsApp and you receive a message from a number you don’t recognize claiming to be someone you know, ask for proof of identity, and certainly do not part with any money or personal information.
WhatsApp Scams on Other Platforms
Unfortunately, WhatsApp scams aren’t confined to the WhatsApp app itself. WhatsApp is a bit of a household name, so it’s perfect for conveying legitimacy for email phishing campaigns, which usually focus on famous brands like Geek Squad and PayPal.
Tech.co reported on a WhatsApp email scam that was making the headlines back in April, which redirected unsuspecting users to a malicious webpage.
Users that clicked the “Allow” button on this page – which the site claimed would confirm they aren’t a robot – had malware downloaded onto their device (Image Credit: Amorblox)
How do I Protect Myself? If you receive an email from a big brand that includes spelling mistakes, is formatted in an odd way, or comes from an email address that looks strange, don’t open it, and certainly don’t click on it. Like with banks and other companies, you can always contact the company through a distinct, official channel to confirm that the email whether the email is legitimate.
Also, a lot of contemporary antivirus software comes with phishing protection and filtering, so it’s worth checking out some providers.
Tips for Avoiding Scams and Staying Safe Online
The simple rule for avoiding WhatsApp scams is this: Never answer WhatsApp messages or calls from numbers you don’t recognize, and never click on links included in WhatsApp messages from unknown numbers.
If the person messaging you claims to be a family member or friend, you can contact them through a different means (such as a social media account, or their actual number) to verify whether it’s legitimate or not.
As you can probably tell from some of the scams discussed in this article, the internet can be a dangerous place – and with 2.7 billion people using WhastApp worldwide, it’s going to be one of the most targeted platforms. However, there are lots of cyber threats to look out for – not all of them are confined to WhatsApp. When it comes to suspicious messages you receive – regardless of the platform – follow these rules:
- Don’t Click On Links: One click is all it takes to load malware onto your device. If you’re at all suspicious, don’t click.
- Check With Customer Service: If you want to confirm the legitimacy of an email, contact the company directly.
- Educate Yourself: Keep up to date with the latest scams, so you can spot and avoid them.
These are all well and good, but there are other things we’d advise doing to keep yourself safe. One thing that will instantly improve your security – especially in terms of your social media accounts – is using a password manager.
Password managers will help you ensure all of your passwords are sufficiently long and completely unique to every account you own. This means that even if one of your accounts is compromised, criminals won’t have an easy way into all the rest of the websites you hold one with.
So, whatever app you’re using, be sure to keep your ears to the ground and your eyes open – or you too could end up falling victim to one of these scams.
