WhatsApp is ubiquitous in many parts of the world. Originally an instant messaging platform that mirrored BlackBerry Messenger and common texting of a decade or more ago, WhatsApp has now matured to offer many different services to its huge user base. The application is available for iPhone, Android and web-based desktop use.
WhatsApp provides every possible way to communicate with your friends and family. Text messaging, group chats, voice calls, video calls, voicemail, document transfer and photo/video sharing are standard features. WhatsApp is free and the user interface is intuitive and simple to use.
But, where there is popularity and illicit profit potential, there are hackers, scammers and all sorts of vultures circling potential victims. It pays to stay informed and we’ll help you with the latest points of vulnerability and the safest ways to enjoy WhatsApp’s deep versatility.
Scams to Watch For
With a user base of over 2 billion, WhatsApp’s wide popularity and global presence mean it’s also ripe for bad actors and the considerable effort they will put into finding the weak spots in such a large target. Risk abounds on WhatsApp and the plethora of malicious activity has a dizzying variety of styles.
Let’s think of the key characteristics of any successful scam. The elements can involve:
- Pretending to be someone trusted
- Weaponizing bits of information that are public to create a false impression of familiarity
- Manipulating security features in unintended ways
- Luring victims with false promises
- Playing on a target’s emotions and ramping up requests with rushed timeframes
- Exploiting weaknesses in backend tech processes
Unfortunately, WhatsApp is vulnerable to all of these methods, despite its commitment to strong security through its native end-to-end encryption. As we’ll explain here, end-to-end encryption on its own isn’t enough to eliminate the risk for unsuspecting WhatsApp users.
Let’s look at what the scams look like up close.
- Facebook connection scam – you receive WhatsApp messages indicating there is a Facebook connection waiting for confirmation, with a redirection to a fake login page that harvests your login info
- Verification code scam – you receive an unsolicited WhatsApp message with a password verification code, which the scammer then tries to extract from you through fake WhatsApp messages from what appears to be a known contact
- Verification code scam #2 – the scammer manipulates the WhatsApp verification code message system to have the code delivered to you by voicemail and then breaks your voicemail’s (typically weak) password to extract the verification code
- Fake delivery scam – you receive WhatsApp messages regarding a purchase delivery that instruct you to click on a link to confirm delivery details
- Purchase payment completion scam – you receive WhatsApp messages regarding a purchase ready to be completed once a small additional payment (for “shipping” or “duties” or “import release”) is processed through the attached portal
- Prize scam – messages notifying you that you’ve won a prize and only need to pay a small fee in order to claim it
- Prize scam #2 – requests that you forward a message with a survey to your friends/contacts with a promise that they will receive a prize
- Malware scam – virus infection through files received through WhatsApp (in 2020, Amazon’s Jeff Bezos’ phone was apparently compromised through a WhatsApp video file)
- Posing con scam – you receive a WhatsApp message from what appears to be a trusted contact with an emergency request for money
- Fake WhatsApp scam – with the promise of additional features, an unofficial “mod” version of WhatsApp is offered for download…and comes with malware
As you can see, there are many approaches WhatsApp scammers can take. And there are a couple of other factors to consider — factors which cause security experts concern:
- WhatsApp is owned by Facebook – your contact list and access permissions might be shared across platforms behind the scenes in ways that you don’t realize; this can increase the variety of ways you, your contacts and your personal information might be targeted
- Phone malware vulnerability – although it’s been long thought that our phones are less susceptible to malware than our desktop computers and laptops, this can be a false sense of security as hackers are constantly looking for ways to infect your devices
- WhatsApp’s reach – the optional privacy settings you choose to set up can be actively discouraged by WhatsApp’s subsequent feature restrictions; in other words, WhatsApp (and its parent company, Facebook) want to pressure you into opening your contact list
Concerns about data harvesting are not only due to the very real potential for illegal use but also because it seems we are losing our ability to keep our personal activities and preferences private. One of the largest organizations involved in data harvesting is Facebook….the owner of WhatsApp. Cross-platform and cross-device targeting of advertisements and selling of user-specific personal activity history and preferences is a very real concern.
The Damage and the Result
Lest we overlook what might seem obvious, let’s look at why WhatsApp scams should be a concern. What are the ramifications of successful hacker or fraudster activity?
The basic motivation for scams is money. The most bald-faced scams are looking for quick cash. Red flags should go up any time you are surprised by a request for money. Even if it is apparently a friend or family member, if you are surprised, then stop and check things out. Remember that it’s relatively easy to impersonate a person by text message, but a quick phone call will establish whether a request for money is legitimate or not.
The same goes for requests for verification through a website link or an additional “minor” payment to complete a transaction. If you don’t recognize the details of the request, stop immediately. Even if some of the details ring true, check out the request with the original retailer or source. Assume that your purchase or delivery information could have been intercepted and might have been manipulated back to you with further instructions that will cause you damage.
Don’t ever enter your personal information into a website you have been instructed to click through to. It is frighteningly easy for scammers to create real-looking (but fake) web pages that will instruct you to enter personal information. You can imagine what happens to the credit card or banking information you might be persuaded to enter….a “small” payment request can quickly translate into a large withdrawal or credit card charge using the information you volunteered trustingly.
Know that the end result of some of the scams we listed in this article is that the scammer will access your phone’s contact list and use it to contact your friends and family. The scam can then ripple out to others, using the cover of your digital footprint, before you even realize what’s happened. You might not be the only victim of your scammer.
Prevention is Critical
Let’s talk about prevention. We have so many different points of concern — how can we secure ourselves? Is WhatsApp safe to use?
WhatsApp is a safe and well-respected app. It might be helpful to remember that it is owned by Facebook as you consider the broader questions regarding how to stay safe online. There are some practical steps you can take to protect yourself, your devices and your contacts.
- Never give out personal information unless you know you initiated the contact and are interacting with a verifiable web page
- Don’t be lured by promises of prizes/money; if it’s too good to be true….
- If a “friend” or contact suddenly asks you for money, make sure you have talked to them before agreeing to send any funds — slow it down and check it out
- If you receive a login verification code without asking for it, be suspicious: don’t pass it on, and strengthen/update your password for the associated app
- Use 2-step verification whenever it is offered
- Check your privacy settings and set them in ways you feel comfortable with
- Although all scams can cause severe damage, it’s still a hard and fast rule that you should never open an email attachment from a source you don’t know or trust….even if you feel confident in the source, there is a risk!
- Think about using a VPN (Virtual Private Network) for an added layer of security
Can a VPN Help?
VPNs are becoming more popular and are a strong go-to for additional online security. A VPN routes your internet traffic through an encrypted tunnel to an intermediate server, which makes it harder for destination sites to trace your originating IP address and the personal data tied to it. VPNs can help with a host of online problems, irritations and risk-points, including WhatsApp scams.
VPNs are available for your computer and your smartphone (Android and iPhone). A good VPN will have a fee attached (be wary of scams associated with some “free” VPNs), but the peace of mind makes the cost worthwhile. A good place to look for reviews of the top VPNs available is PinpointVPN. Two popular choices for smartphone use (and desktop/laptop) are ExpressVPN and IPVanish.