How to Protect Yourself from WhatsApp Scams in 2023

ByJon Cosson Posted on Updated on
Scam Sign, with green lit background

We may earn a small fee from the companies mentioned in this post.

Imagine having a tool in your pocket that connects you with over 2 billion people around the globe, a tool that allows you to share moments, memories, and even conduct business. Now imagine the potential risks of scams with such a tool. That’s the reality of WhatsApp in today’s digital age. But don’t worry, we’ve got you covered. We’re here to arm you with knowledge to protect yourself and your loved ones from WhatsApp scams today.

Short Summary

  • Be aware of WhatsApp scams and their potential to exploit the platform’s large user base.

  • Verify sender identity, be cautious with links/attachments, implement two-factor authentication (2FA), hide status & report spam messages for protection.

  • If scammed on WhatsApp, contact your bank or financial institution immediately & change passwords with 2FA enabled.

Understanding WhatsApp Scams

Young girl shocked on her phone as she believes someone is using whatsapp scams to socially engineer her

WhatsApp, with its massive user base and end-to-end encryption, is a hotbed for scammers. With over 2.7 billion users, WhatsApp is a fertile hunting ground for those looking to exploit unsuspecting users. Scammers often create a sense of urgency, masquerading as a family member or a celebrity representative, to deceive users into revealing their login credentials or gain unauthorized access through social engineering techniques, wreaking havoc.

These scammers are able to take advantage of the platform’s large user base.

Checkout our informative article on what a cyber attack means

Large User Base

Now you may wonder why a large user base makes WhatsApp a prime target for scammers. The answer is simple: more users mean more potential victims. With over 2 billion monthly active users globally and more than 75 million users in the United States alone, WhatsApp is a prime target for scammers looking to exploit unsuspecting users.

The significant user base of WhatsApp, a popular messaging app, renders it a desirable target for scammers, including common whatsapp scams, aiming to take advantage of unsuspecting WhatsApp users and their WhatsApp account, potentially compromising their WhatsApp contacts as well. One such example is the WhatsApp Gold scam, which preys on users’ trust and curiosity by sending a deceptive WhatsApp message, making it a typical WhatsApp scam.

End-to-End Encryption

End-to-end encryption, while designed to protect users, can sometimes provide a false sense of security. This encryption ensures that only the sender and recipient can read the messages they exchange. Sounds safe, right? However, this doesn’t prevent scammers from tricking you into revealing sensitive information.

End-to-end encryption doesn’t provide protection against social engineering tactics, such as phishing and malicious links, which scammers use to deceive users.

Common WhatsApp Scams to Watch Out For

Whatsapp Scams alert message o a samrt phone with white tet and a red background, with a yellow triangle

Now that we’ve touched on why WhatsApp is a breeding ground for scams, let’s delve into some of the common WhatsApp scams you need to watch out for. From stealing personal information and identity theft, to installing malicious software, these scams are designed to defraud users.

Some of the common scams include fake tech support, phishing and fraudulent links, as well as deceptive job offers and investment opportunities.

Fake Tech Support Scams

One common scam that has been making the rounds on WhatsApp, is the fake tech support scam. In this scam, scammers pretend to be WhatsApp support personnel, sending a scam message alongside spam messages to pilfer confidential information or gain access to a WhatsApp user’s account. They often exploit the victim’s identity and request financial aid from their contacts, using the current economic hardship to their advantage.

Scammers are becoming increasingly sophisticated in their tactics, making it difficult for users to identify the scammers actions as fraudulent.

Phishing and Fraudulent Links

Another common scam on WhatsApp is phishing and fraudulent links. In these scams, attackers attempt to deceive individuals into disclosing sensitive information or downloading malware. They can steal details, login credentials, banking information, and any other vital data from unsuspecting users, leading to financial loss and identity theft.

These scams can be difficult to spot, as they often appear to come from legitimate sources.

Checkout our article on what is Smishing

Deceptive Job Offers and Investment Opportunities

Deceptive job offers and investment opportunities are yet another common scam on WhatsApp. These scammers design schemes to deceive users into parting with their money or personal information. It’s important to always verify the company and the representative before applying or asking for money for a job and remember that no legitimate job will require payment at any stage of the application process.

Always be wary of any job offers or investment opportunities that come through WhatsApp. Do your research.

Essential Tips for Avoiding WhatsApp Scams

Yound man reading a message from his smart phone

So, how do you protect you and your family from these scams?

Here are some essential tips:

  • Verify the sender’s identity, especially when receiving an unsolicited message
  • Be cautious with links and attachments
  • Implement two-factor authentication (2FA)
  • Report spam messages

Hiding your WhatsApp status is another effective way to prevent unsolicited messages. Let’s dive deeper into each of these tips.

Verify Sender Identity

The first line of defense against scams is verifying the sender’s identity by cross-referencing their personal and bank details either with other platforms or asking questions that only the sender would know, which can help in confirming their identity.

If you receive a message from someone claiming to be your child and requesting money, you should verify their purported new telephone number and verbally confirm any associated banking account information prior to initiating a money transfer.

Be Cautious with Links and Attachments

The next line of defense is to be cautious with links and attachments. Links and attachments on WhatsApp may contain malicious software or direct users to phishing websites. You should examine URLs for any irregularities that are not associated with the brand name, as well as any other indications of potential maliciousness.

Be sure to check the source of the link or attachment before clicking on it.

Implement Two-Factor Authentication (2FA)

The final line of defense is implementing two-factor authentication (2FA). Two-factor authentication (2FA) provides an additional layer of security to your accounts, making it more challenging for malicious actors to gain access.

WhatsApp’s 2-step verification provides an additional layer of security by sending a WhatsApp verification code to the default device upon any login attempt from another device.

What to Do if You’ve Been Scammed on WhatsApp

Man at his desk, recieving some bad news as he has becomes a victim of a whatsapp scam on his smart phone

So, what do you do if you’ve been scammed on WhatsApp? The first step is to report the scam to WhatsApp. If your financial details have been compromised, then contact your bank or financial institution and change your bank account details. You should also change your passwords and enable 2FA.

Let’s explore each step in more detail.

Report the Scam to WhatsApp

The first step when you’ve been scammed is to report the scam to WhatsApp. You can report a scam by long-pressing on a single message, selecting ‘Report’, and then following the instructions provided.

By reporting the scam, you are helping prevent further deception and protect other users from falling victim to the same scam.

Contact Your Bank or Financial Institution

The next step is to contact your bank or financial institution. If you’ve been scammed out of money, your bank or financial institution can assist you with freezing your bank account or reversing the transaction.

You can contact your bank or financial institution by phone, email, or through their website.

Change Account Passwords and Enable 2FA

Man messaging on his smart phone whilst at desk

The final step is to change your account passwords and enable 2FA. Changing your account passwords is essential to thwart any further unauthorised access to social media accounts and safeguard your personal information.

To enable two-factor authentication, navigate to the settings of the relevant account and locate the two-factor authentication option, then follow the provided instructions to complete the two step verification setup.

Depop WhatsApp scam

Scammers are always on the lookout for new avenues to exploit innocent users. One such emerging scam that has gained traction in 2023 is the Depop WhatsApp scam that is targeting Depop users.

This scam primarily targets users of Depop, a popular peer-to-peer social shopping app, and leverages the trust and ubiquity of WhatsApp to execute the fraud. In this chapter, we’ll delve into the mechanics of this scam, how it works, and most importantly, how you can protect yourself.

How It Works

  1. Initial Contact: The scam usually starts with the scammer posing as a potential buyer on Depop (via a web browser or the Depop App). They express interest in an item you’re selling and ask if they can communicate with you via WhatsApp for a “quicker and more direct” conversation.
  2. Switch to WhatsApp: Once the conversation moves to WhatsApp, the scammer may ask for additional photos or details about the item. This is to build trust and make you feel comfortable.
  3. Payment Method: The scammer then agrees to buy the item and asks for your payment details. They may insist on using a specific payment platform that you’re not familiar with or ask for your bank details directly.
  4. Fake Payment Confirmation: The scammer sends a fake payment confirmation screenshot or email, claiming that the payment has been made and is pending until you ship the item.
  5. Shipping the Item: Once you ship the item, the scammer disappears, and you realise that no payment has been made.

Red Flags to Watch For

  • Urgency: Scammers often create a sense of urgency, pressuring you to make quick decisions without proper verification.
  • Switching Platforms: Be cautious if the buyer insists on moving the conversation to another platform, especially one where the transaction is not protected.
  • Other Shipping Addresses: Ensure you only ship to the approved shipping addresses verified by the application. Scammers often attempt to persuade you to send the item to other shipping addresses.
  • Unfamiliar Payment Methods: Always be skeptical if asked to use a payment method you’re not familiar with. Using your paypal account or similar trusted platforms is preferable to non-standard methods, ensure you follow the App’s payment policy to ensure you are covered by the seller protection process.

How to Protect Yourself

  1. Stay on the Platform: Always conduct all communications and transactions within the Depop app, which offers buyer protection as well as seller protection.
  2. Verify Payment: Never ship an item until you have verified that the payment has been received in your account.
  3. Be Skeptical: Always question if something seems too good to be true, and take the time to do your due diligence.
  4. Report Suspicious Activity: If you encounter a potential scammer, report them to both Depop and WhatsApp as this could indicate the use of fraudulent accounts.

If you require more information on Depop scams read our informative blog post

WhatsApp Scams and Artificial Intelligence (AI)

Artificial Intelligence (AI) has become a double-edged sword in the digital world. While it has numerous beneficial applications, it’s also being exploited by cybercriminals for nefarious activities, including social engineering and scamming on platforms like WhatsApp.

Social engineering is a technique used by cybercriminals to manipulate individuals into revealing confidential information. It’s essentially a scam that leverages human psychology. In the context of WhatsApp, social engineering might involve a scammer posing as a trusted contact or an authoritative figure to trick users into sharing sensitive information or clicking on malicious links.

AI enhances the effectiveness of these scams in several ways. For instance, AI algorithms can be used to automate the process of sending scam messages to a large number of users at once. These messages can be personalised and made to appear more credible using information scraped from the Internet, thereby increasing the likelihood of users falling for the scam.

Moreover, AI can be used to create deep fakes – highly realistic fake audio or video content. A scammer could, for example, use AI to mimic the voice or appearance of a trusted contact in a video call, tricking the user into believing they’re interacting with the genuine person.

Read our article of Deep Fake Scams

AI can also be used to analyse the responses of users to scam messages, helping scammers refine their tactics and become more effective. For instance, machine learning algorithms can identify which types of messages are most likely to elicit a response, and this information can be used to craft more convincing scam messages in the future.

To protect yourself from AI-enhanced scams on WhatsApp, it’s crucial to stay informed about the latest scamming techniques and to exercise caution when receiving unexpected messages or requests, even if they appear to come from a trusted contact. Always verify the identity of the sender through a separate communication channel before sharing sensitive information or clicking on any links.

Remember, AI is a tool, and like any tool, it can be used for both good and bad. By staying vigilant and practicing good cyber hygiene, you can protect yourself from AI-enhanced social engineering scams on WhatsApp.

Summary

In conclusion, WhatsApp, while a convenient tool for global communication, can also be a hotbed for scammers and fraudsters. By understanding the most common scams (including WhatsApp Scams), verifying the sender’s identity, being cautious with links and attachments, and implementing two-factor authentication (2FA), you can protect yourself and your loved ones.

If you ever fall victim to a scam, remember to report the scam to WhatsApp, contact your bank or financial institution, and change your account passwords and enable 2FA. Remember, knowledge is power, and with the right tools, you can navigate the digital world safely.

Protect against WhatsApp scams video – Jon Cosson YouTube Channel

YouTube player

Frequently Asked Questions

Why do scammers want to chat on WhatsApp?

Scammers use WhatsApp to try and steal passwords, data, or money by impersonating ‘tech support’, offering’verification’ services, or inviting people to upgrade to ‘WhatsApp Gold’.

They also attempt to commit identity theft and install malicious software on the victim’s device.

Why am I getting WhatsApp messages from strangers?

You may be getting WhatsApp messages from strangers because your phone number has been collected by spammers, shared with other spammers, or used by someone you know.

Furthermore, they might be trying to spread misinformation or trick you into a suspicious message or giving them money. Don’t tap, share, or forward suspicious messages.

What can a scammer do with my phone number and picture?

Scammers can use your phone number to collect and distribute sensitive data, send phishing messages or calls, and gain access to financial accounts. They could also post your information on the Dark Web for purchase by others.

Can scammers hack my phone through WhatsApp?

Hackers can access your WhatsApp account and messages by hijacking it through a call forwarding trick, where a one-time password verification code is sent to another phone number. Be vigilant of malicious links as they may infect your device and grant hackers access to your personal information.

It is important to be aware of the potential risks of using WhatsApp and other such messaging apps and services. Taking steps to protect your account and data is essential to ensure your safety and security. Make sure to enable two-factor authentication, use strong passwords, and avoid clicking.

What are common WhatsApp scams?

Common WhatsApp scams include fake tech support, phishing and fraudulent links, as well as forwarding scams such as deceptive job offers and investment opportunities.

Be vigilant when it comes to such activities on social media and WhatsApp.

What is 2-Factor authentication?

Two-factor authentication (2FA) is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user’s credentials and the resources the user can access.

2FA adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts. The first factor is typically something the user knows, like a password.

The second factor could be something the user has, such as a physical token or access to a trusted device, or something inherent to the user, like a fingerprint or other biometric identifier. By requiring two different types of identification, the chances of an unauthorised person gaining access are significantly reduced.

References

  1. Action Fraud: Action Fraud is the UK’s national reporting centre for fraud and cybercrime. It’s where you should report fraud if you have been scammed, defrauded, or experienced cybercrime. The website provides information on different types of fraud, prevention tips, and news on the latest scams and fraud alerts.

  2. National Cyber Security Centre (NCSC): The NCSC provides advice and support for the public and private sector in how to avoid computer security threats. The website offers a wealth of resources, including advice and guidance on various cyber security topics, educational resources, and a reporting service for suspicious emails, texts, and scam websites.

These websites are valuable resources for understanding the current landscape of cyber threats, including WhatsApp scams, and for learning how to protect yourself and report any scams you encounter.

Jon Cosson
Website | + posts

With over three decades of experience in the heart of London’s financial sector, I have dedicated my career to the pursuit of robust cybersecurity practices and IT leadership. As a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (C|CISO), Certified Ethical Hacker (CEH), and Computer Hacking Forensic Investigator (CHFI), I bring a wealth of knowledge and expertise to the table.

My journey in the field of cybersecurity has not only been about personal growth but also about sharing my insights with others. As an international speaker, I have had the privilege of addressing audiences worldwide, discussing the importance of cybersecurity in today’s digital age. My passion for knowledge sharing extends to my work as an author and blogger, where I delve into the complexities of cybersecurity, offering practical advice and thought leadership.

In my role as a CISO and Head of IT, I have overseen the development and implementation of comprehensive information security and IT strategies. My focus has always been on creating resilient systems capable of withstanding the evolving landscape of cyber threats.

My Master’s degree in Cybersecurity has provided a solid academic foundation, which, when combined with my practical experience, allows me to approach cybersecurity from a holistic perspective.

I am always open to connecting with other professionals in the field, sharing knowledge, and exploring new opportunities. Let’s secure the digital world together.