WhatsApp is considered to be the most popular mobile messaging app in the world. In fact, the program has two billion active users. This is an incredibly large audience. Unfortunately, this is also a huge number of potential victims for criminals. Cybercriminals are increasingly using WhatsApp as a vehicle for their attacks, and while people in general have become more cautious about email phishing over the years, cybercriminals have adapted their tactics by implementing more sophisticated phishing techniques. These tactics include the proliferation of text messaging, social media, and messaging apps like WhatsApp.
Victims of some WhatsApp scams lose thousands of dollars to cybercriminals who trick them into transferring money for various reasons. Britain’s Lloyds Bank reports a 2,000% increase in WhatsApp fraud over the past year. Other types of scams try to target users with malware or gain access to their accounts.
Dr. Jessica BarkerCEO of the company Cygentarecently posted a video discussing known examples of WhatsApp scams in 2022, explaining how to avoid falling victim to them. Below is a summary of known scams and how to avoid them.
Cybercriminals impersonate loved ones
The first type of fraud that is gaining popularity this year is known as “Mom and Dad are frauds“,
a form of impersonation fraud where a cybercriminal pretends to be a loved one to trick a relative into sending them money. Cybercriminals will contact WhatsApp users as a loved one, usually a child or sibling, saying they’ve lost their phone and texting them from their new number. They will then convince their target that they are struggling financially and ask for money to be transferred to help them pay the bill.
WhatsApp users fall victim to this scam because of their belief that their loved one is contacting them and their desire to help. Some banks block a transfer that the system recognizes as suspicious, preventing the fraudster’s target from sending money. On the other hand, many targets of this scam have sent money and have not been able to get it back.
Two-factor authentication scam
Another type of WhatsApp scam is called “2FA (or two-factor authentication) scam”. In this type of scam, a person will receive a verification or authentication code that they did not request. This is followed by a message from a known contact that their code was mistakenly sent to the wrong person and asks for the code that was sent. In reality, the contact in question is someone who has already fallen victim to the scam and whose account has been compromised.
This scam works by having cybercriminals enter information they can view from your contacts’ accounts, such as your name and number, and then ask you to send a verification code to complete your login. They prey on your instinctive trust in contacts you already know and recognize in order to get a code that also allows them to access your account. Once successful, they will do the same to your contacts, compromising as many accounts as possible.
Fake links and fear of missing out
An extremely versatile form of attack is one that is known by different names depending on which iteration of the scam is taking place. A few notable examples are the WhatsApp Gold scam discussed in Dr. Jessica Barker’s video The Alton Towers scam, Father’s Day Heineken Scamand The Cadbury Easter Egg Scam. The basic concept is to send a message that somehow convinces the recipient to click on an external link, usually to a page that pretends to be the official website of a corporation or organization. These scammers are often used on WhatsApp and through traditional text messages such as The NHS COVID-19 Scam.
This scam varies in both method and purpose. Some messages promise free goods to trick consumers into clicking on a link, as in the Alton Towers, Heineken and Cadbury scams. Others will play on people’s fears, such as the NHS scam which tricked recipients into thinking they had been exposed to the Omicron variant of COVID-19 and needed to visit a website to get a free test (which the NHS does not offer). Others will still play on the fear of losing out and offer a prestige experience, such as the WhatsApp Gold scam, which promises access to an elite version of the app that doesn’t exist. In all cases, the goal is to get the user to click on the link in the message.
Some of these links lead to malware that can infect devices and disrupt their functionality. Others will ask for some kind of payment, often a small amount, that supposedly pays for the shipping and handling of the “free” items. Some simply ask for information such as the user’s address, phone number or email address. In all cases, cybercriminals are counting on you to follow the link in their first message so they can execute the next stage of their attack.
How to protect yourself
The most important tip when it comes to avoiding these WhatsApp scams is to be careful with the messages you receive. As Dr. Jessica Barker explains, these scam messages often follow a formula: They’re unexpected messages, they make you feel something, and they ask you to do something. Barker, and other experts stress the importance of slowing down before taking action based on that initial emotional urge. With this in mind, there are a few key things you can do to avoid becoming a victim.
First, it’s important to make sure that anyone who claims to be a loved one is actually who they say they are. There are several ways to test this, from calling to asking a question that only they know. Second, never share your verification codes or two-factor authentication codes with anyone. Third, never click on unfamiliar links from unknown numbers.
As WhatsApp scams continue to threaten cyber security and target users with malware, phishing and extortion attempts, it’s important to keep an eye out for common markers. Messages purporting to come from loved ones, corporations, or government organizations should be carefully scrutinized to verify their authenticity before taking any action. This vigilance will help you protect your accounts, money and information from cybercriminals.
About the author: PJ Bradley is a writer on a variety of topics who loves learning and helping people most of all. With a BA from the University of Auckland, PJ enjoys using his desire to understand how things work to write about topics of interest. PJ spends most of his free time reading and writing.
Editor’s note: The opinions expressed in this guest author article are solely those of the author and do not necessarily reflect the opinions of Tripwire, Inc.
