What would you do if you got a WhatsApp message from an unknown number, claiming to be your relative? Is it really your daughter asking you for money, or a scammer about to fleece you out of a few hundred pounds? WhatsApp scams are running rampant. Action Fraud estimates that in the UK alone, almost £50,000 was stolen by WhatsApp scammers from August to October 2021. It’s important to know how to recognize scam tactics and how to protect yourself from them.
WhatsApp, the popular instant messaging service, uses end-to-end encryption. This is a method of concealing data where only the sender and recipient can view it. The WhatsApp CEO, Jan Koum, has clarified that WhatsApp does not have access to messages or chat history on their servers. If every chat is private, that must mean you’re safe, right?
Not exactly. While yes, it is true that outsiders can’t spy on your chats, it doesn’t stop them from initiating conversations with you. If they have your number, they can message you, and if they can message you, then you are vulnerable.
Recent Scams On WhatsApp
So, what kinds of scams on WhatsApp have been circulating recently? A common one is the ‘Hi Mum’ scam. The scammer messages the user with a greeting, claiming to be a relative saying they’ve broken their phone. They have been known to demand upwards of £1000, often in cash and delivered to them in a padded envelope. The key here is believability. The scammer will send the same specific details to multiple people at a time, and while it won’t be believable to most, they’re looking for that one person whose circumstances match up. Yes, if you have a clumsy son, it might seem realistic, but don’t be fooled- you might be getting scammed.
Another type of WhatsApp scam involves scammers instructing users to click shady links with the assertion that, for example, they could win a prize. Such links include ‘Rediroff.ru’ and ‘Rediroff.com’. Upon interacting with the link, it will take the user to a webpage where they are offered a prize in exchange for completing tasks. These can range from forwarding the link to a certain amount of WhatsApp users to filling out surveys that ask for sensitive information. While innocuous at first, upon fulfilling the requirements, the page harvests the user’s details- their name, address, or even bank details. The scammers then use that information to rob, blackmail or even impersonate the user.
Impersonation is a common theme in WhatsApp scams. A particularly insidious example is the hijacking scam which relies on the user having two-step authentication. Two-step authentication is the use of external security codes, via text or safe third-party authentication apps, to determine the user’s identity after typing in their password. It stops scammers and hackers from gaining access to your accounts using your password alone, as the security codes will be sent to your devices, which no one else can see. The hijacking scam involves tricking users into sending their security codes to the scammers. First, users will get a notification for an SMS WhatsApp security code they did not ask for the type used for two-step authentication. A message from their friend or relative- coming from their real number. The scammer will say that they got locked out of their account and that they sent the security code to the user’s phone by mistake. Then, the scammer will ask the user to send the security code to them. But the code the user got sent was actually for their own WhatsApp account, and in sending it over the scammer can bypass the two-factor authentication and hijack the user’s account.
Wait, but the message came from your friend’s real number! How can it be a scam? That’s the most devious part. If you get a message like this from a friend, and you know it’s their real number, it means that the scammer has already hijacked their account using the same method and is using it to get to yours.
Protecting Yourself From Scams On WhatsApp
Scary stuff. So, how can you protect yourself from WhatsApp scams?
Luckily, there are many easy ways to stay safe. For example, if someone messages you on WhatsApp and you don’t recognize their number, you can ask them to call you or leave a voice note. This method is endorsed by Kathryn Harnett, WhatsApp’s policy manager. Scammers typically will refuse to do this, as it will reveal that they are faking their identity. If they make excuses, then they’re most likely not who they say they are. This even works if you do recognize their number- it could expose a hijacking scam. Block the user and delete the chat. You can also contact the friend or relative via a different messaging network such as Facebook or SMS and ask them to confirm whether the person messaging you on WhatsApp is actually them. If they say it isn’t, then you’re being scammed. The same protection method applies here- block the user and delete the chat.
Never, ever give away sensitive information such as your name, address or bank details to people you don’t recognize. And even if you do- make sure to check their identity. Be careful about giving information about your life, too. The more information you give to impersonation scammers, the more information they can use against you to make them seem more believable. And the more believable they are, the more comfortable you will feel giving them sensitive information. The best thing to do is to not respond at all. Say it with me now. Block the user and delete the chat!
You can enable two-step verification on your WhatsApp account, too, if you haven’t done so already. The extra layer of protection will stop unwanted people from signing into your account, but remember to watch out for SMS security code scams. Don’t share your SMS security codes with anyone.
And, of course, maintaining your privacy online is critical. Scammers get less personal information and are able to get less of a link between your social media and E-Mail address when you’re using privacy software like Hoody. Even if they’re hooked up with shady advertisers using browser fingerprinting to track you, your system’s defining features will be obscured, preventing them from locking in on your identity.
Hopefully, you’ve learned a few things about what WhatsApp scams are out there and how to protect yourself from them. Follow these steps, and you’ll be less likely to be a victim of WhatsApp scams.