WhatsApp Scams: The Latest Way Criminals Attack

WhatsApp has become one of the most popular applications, with over 2 billion individuals using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy way for cyber criminals to target unsuspecting individuals. Since the app is used for friendly methods, many assume that contact via WhatsApp can be trusted. It can’t and users need to beware.

Threat actors have upped their game from the older style email phishing in the use of WhatsApp. They appear as legitimate organisations, complete with logos, letterhead, and websites. Users supply personal information in response to their alert or request or click on a link that will download malware. Cybercriminals have a large expanse of methods to attract their targets, the key is to be aware of the various types of WhatsApp scams.

Some of the WhatsApp Scams:

Offering a job: Almost always unsolicited, a threat actor will pose as a recruiter offering a hard-to-believe good job. They will ask for payment for such things as training or uniforms and that’s when they have your account information.
Scams on investments: These offerings can cover everything from fake bonds or stocks to investment opportunities. They usually offer fast profits and act as a can’t-miss-out deal.
Cryptocurrency scams: A majority of people know little about cryptocurrency, so basing their interest on a few success stories is how cybercriminals win. Those offering cryptocurrency scams are impossible to track and can disappear leaving the user with having lost money.
Dating scams: Threat actors depend on those that are lonely or looking for companionship. This makes the individuals vulnerable to the lies that are told, often expressing love and commitment. Once trust is established they usually ask for money for expenses or travel.
Rental/Real Estate scams: Cybercriminals offer rentals or properties for sale that either don’t exist or that they have no power to list. They will communicate heavily, offering websites that show details and then request money for rent or purchase deposit.
Upgrade to WhatsApp Gold offerings: To begin with, there is no such thing as “WhatsApp Gold”. Threat actors offer this non-existent scam to users stating that they will have all kinds of extra features that only Gold members can experience. Of course, there is a price for the Gold and they offer a fake website where users can input their payment information.
Fake WhatsApp apps: Criminals are fairly devious and they have created a number of fake WhatsApp apps. They encourage people to download these fake apps from third-party app stores. Once the app is installed it will download malware or try to get details on logins.
Impersonation scams: These threat actors will contact an individual acting like someone that they know. The criminals usually do a bit of homework so they have everything from information to a picture. It doesn’t take long for the impersonator to ask for money.
Request for Verification Code: As two-factor authorisation becomes the norm, criminals will contact a user to request verification of their code for security purposes. Once they get the code they have access to the user’s account.
General phishing scams: Cybercriminals will use WhatsApp to send the usual phishing scams that were once only limited to email. They can indicate that there is a sense of urgency to respond due to a security issue, unauthorised transactions to an account or an account suspension warning.

“As with anything on the internet, there continue to be dangers even with those applications that are designed as ‘friendly’. DaVinci Cybersecurity communicates every new aspect of threat that may cause personal or financial distress; educating our clients to keep them safe.”

– Sharon Knowles, CEO DaVinci Cybersecurity

Sources:

us.norton.com/blog/online-scams/whatsapp-scams

keepersecurity.com/blog/2024/07/08/common-whatsapp-scams-and-how-to-avoid-them/index.html?id=com.callpod.android_apps.keeper&ad_group=&ad_creative=&device_type=c&utm_term=&utm_campaign=Test+Campaign+042325&utm_source=google&utm_medium=cpc&hsa_acc=2347099586&hsa_cam=22479340222&hsa_grp=&hsa_ad=&hsa_src=x&hsa_tgt=&hsa_kw=&hsa_mt=&hsa_net=adwords&hsa_ver=3&gad_source=1&gad_campaignid=22475886605&gbraid=0AAAAAC-d4J9huGdVUknGlETB5ayPFD3-G&gclid=EAIaIQobChMIn_Kl9IS_jwMV-CdECB3Bzw2tEAAYASAAEgI28vD_BwE

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

More articles

Who is Ultimately Responsible for Business Email Compromise?