You are using an outdated 'end of life' browser. Please upgrade your browser to improve your experience and security.

UKGlobal Broking Group Limited
x

General news

WhatsApp Scams are on the Rise

Wed, February 12, 2025

WhatsApp scams are now the fastest growing form of impersonation fraud, according to market research by Lloyds Bank. 

With over 2 billion users, WhatsApp has become an integral part of our everyday communication. Its use in the workplace has increased significantly in recent years due to its availability across devices, ease of use and internal safety features, such as end-to-end encryption on both mobile and PC, as well as on WhatsApp Web.

It is ranked as the most used mobile messenger App in the world; but, as with any popular platform, it also became a fertile ground for cybercriminals, leading to a surge in WhatsApp attacks. In the first six months of 2024, Action Fraud had received over 600 reports of WhatsApp-related fraud.

Phishing Attacks

Originally the techniques implemented by scammers harnessing technology were relatively straightforward; fraudsters would use copy and paste messages that made little sense and were full or errors, making them easier to detect. 
However, a more sophisticated approach has emerged enabling phishers to gain control over a WhatsApp account. As a result, the success rate of these scams has significantly risen.

WhatsApp phishing attacks are attempts to trick users into sharing personal or financial information through WhatsApp messages. Scammers may pose as friends or family members or claim to be from a company. 

Attackers use common social engineering techniques and tactics to trap users into divulging personal or corporate information, such as passwords, credit card numbers, or bank details. They may impersonate a trusted entity or create a sense of urgency, preying on unsuspecting users. 

Attackers craft different types of messages such as family members requesting money, mimicking friends for verification code scams or asking for financial assistance. 

How to spot a WhatsApp scam

As WhatsApp is a free messaging service with no barrier to entry bar a phone number, it is often exploited by fraudsters. Here are some common red flags to look out for that indicate a message could be a scam:

  • Unsolicited messages from an unfamiliar number 
  • Requests for personal information such as your credit card number, bank account number, birth date, or passwords 
  • Requests for money to be sent or paid via WhatsApp 
  • Requests to click a link, activate a new feature, or download an App 
  • Spelling and grammatical errors within messages 
  • Requests for immediate action
  • You’re told you have won a lottery, prize, gift, or coupons and you must claim your winnings

Examples of WhatsApp Attacks

  • Social Media: Attackers create fake accounts on social media platforms such as Instagram or Facebook and post deceptive messages within WhatsApp groups; luring users into traps with enticing offers, posting links to capture the user’s data.
  • WhatsApp Gold offers: Scammers will send a message attempting to get the recipient to download a fake WhatsApp upgrade called ‘WhatsApp Gold’ which boasts upgraded features and enhanced security. Some will even claim that this is a version of the app used by celebrities. The aim of the scam is to lead the victim to a website to ‘sign up’ for the service which actually downloads malware to their device and can allow scammers to steal personal data.
  • Account Impersonation: Attackers will send multiple generic WhatsApp messages pretending to be someone the victim knows in order to gain personal information about either the user or a specific target – perhaps an important individual within the victim’s workplace that they plan to impersonate via LinkedIn or any other social media. 
  • Fake Messages: Fake messages can be alarmingly convincing, asking the recipient to input credentials or verify account details or pushing them to a website to fill in an application – whether that is for an offer or perhaps even a job opportunity. that may be simple in nature but require the victim to purchase equipment to get started.
  • Missed Calls: In recent times, users have been inundated with missed video and voice calls from various country codes followed by messages claiming to be a friend or family member in need. The message often includes a request to share a code or personal details, such as account credentials or financial information. The scammer preys on the target’s curiosity or concern, hoping that they will unknowingly provide the requested information.
  • Two-Step Verification Scam: This involves the scammer tricking a victim into sharing their verification code for WhatsApp. The scammer can then use the code to take over the victim’s account and access all the user’s messages via a new phone, essentially locking the victim out of their own account.

How to protect yourself

  • If a message looks suspicious or sounds too good to be true, don’t tap, share, or forward it, especially when concerning messages from unknown numbers 
  • Don’t share personal or financial information with anyone you can’t verify 
  • Always look closely at new links or files before opening; although they may appear to be legitimate, they may be malicious in nature. As a rule, if you’re unsure, do not engage with suspicious content
  • If a colleague, supplier, bank, friend or family member makes an unusual request, you can ask them a personal question or call them outside of WhatsApp to confirm their identity
  • Set up two-step verification for your account:
  1. Open settings
  2. Select ‘Account’
  3. Select ‘Two-step verification’
  4. Enter a six-digit PIN and confirm it
  5. Enter an email address to help recover your account and tap ‘Next’
  6. Confirm the email address and tap ‘Save’

Please remember, if a message makes you feel uncomfortable or unsafe in any manner you can always report it, block the sender, and delete the message