WhatsApp scams: How to avoid hoaxes on the app.
10/10/2023
Cyber criminals will exploit any communication channel to impersonate someone and create a false sense of urgency, pressuring you to share your account passwords or send them money. In this latest post in our “Protect yourself against fraud” series, we encourage you to be on guard against a rampant new threat: WhatsApp scams.
In WhatsApp scams, fraudsters exploit the famous instant messaging app to steal personal and banking information. The modus operandi used by scammers include:
- Posing as a relative in trouble, writing from an unknown number to ask for money. They claim to be messaging from a different number because of problems with their phone. In one well-known version, scammers pose as a relative at the airport, claiming to need money to resolve issues with their luggage.
- Posing as a company or an unknown contact in one of your WhatsApp groups. Their goal is to hijack your WhatsApp account by getting hold of a recovery verification code. Once they have it, they can open your account on another mobile phone and ask your friends and family to transfer money under some pretext.
- Posing as your bank’s support service – using its corporate logo – to obtain one-time passwords and steal your money. They claim to have identified fraudulent charges and ask for certain numbers in order to cancel them. In truth, you will unwittingly be sharing your banking information.
What can you do to avoid scams? Here are some key principles:
- Familiarise yourself with the contact channels your bank uses. If the person contacting you behaves strangely or asks for particular information, be on guard. Your bank will never ask for information to verify your identity. If you suspect fraud, block the number and contact your bank directly.
- Under no circumstances send or transfer money. Check the information given and investigate who is making the request.
- WhatsApp’s technical support will help you recover your account if it has been lost or hijacked. Don’t pay any “ransom".
- Never share any verification codes that banks send by SMS. Turning on two-step verification is highly recommended: in addition to your password, you’ll periodically also be asked for an alphanumeric code to prove your identity. This will happen every time you login on a new device.
- Keep the application updated to the latest version, since vulnerabilities are constantly being fixed.
As you’ll be aware, cyber criminals will use social engineering techniques to try to gain your trust, manipulate you and get hold of your banking information. Don’t give it to them under any circumstances. Remember, anyone can be targeted, so it’s wise to be prepared.