Why Are WhatsApp Users So Easy To Scam?

Uploaded on 2023-09-07 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Another day, another security alert. This time, it’s alleged that you can email WhatsApp with a phone number claiming the device has been stolen/lost and WhatsApp will deactivate the account. This can be from ANY email and ANY phone number.

Though the platform appears to be taking steps to address this flaw since it gained public attention, it’s an open invite for misuse.

Scammers are constantly and relentlessly targeting WhatsApp. With over 2 billion active users relying on WhatsApp for both personal and professional reasons, often sharing sensitive information on the basis of its end-to-end encryption, it’s an attractive target for criminals. It’s estimated that scammers using text messaging apps like WhatsApp sent 66 billion spam texts in 2022. These can be anything from “Friend in need” messages to messages impersonating two-factor authentication.

So why are WhatsApp users so easy to scam and what steps should you be taking to keep yourself safe?

The Vulnerability Of WhatsApp

As a messenger app - and the world’s most popular one at that - WhatsApp is fertile ground for impersonation scams. The infamous ‘hi Mum/ Dad’ scam, where criminals pose as a friend or relative of their victim and ask them to send money, cost UK victims £1.7 million across platforms, between the beginning of 2022 and mid-June 2023. WhatsApp is the preferred channel of attack for impersonation: TSB impersonation fraud data found that scam activity on Meta platforms led to 86% of cases reported to the bank in 2022, with WhatsApp representing two-thirds of those incidents.

And as generative AI grows in sophistication and popularity, there’s a fear these losses will climb. AI is already being used to mimic loved ones’ voices in order to extract money.

This isn’t the only impersonation scam hitting WhatsApp users. Another version involves criminals gaining the account of one of your contacts and messaging you purportedly as them. They’ll simultaneously be trying to log into your own WhatsApp account with your number, which means you’ll be sent a 6-digit code from WhatsApp. The scammer will then ask you to send that code, claiming it’s theirs and sent to you by accident, and gain control of your account.

Variations on this passcode scam include calling a victim and claiming to be a member of a shared group, often aided by false profile pictures and display names, and asking for the passcode under the guise that it’s a code for a group video call. However, the code is a registration code to allow your WhatsApp account to be ported over to another device. Users in India also recently suffered a flurry of group-based scams around World Yoga Day. Criminals would invite users to join yoga classes and send a link that, upon clicking, requests a 6-digit OTP (one time password) code, so victims unknowingly pass over a code that unlocks their account.

Eight Tips To Protect Yourself

WhatsApp are attempting to shore up security: they’ve introduced a new ‘Silence Unknown Callers’ option and created a Privacy Checkup tool to take users step-by-step through its security features. But, unfortunately, it still falls to users to be aware of popular scams and take steps to protect themselves. Here are seven top tips to stay safe on WhatsApp.

1. Keep your WhatsApp updated: Keeping apps like WhatsApp updated are about more than enjoying the latest user features. There’ll be important security updates included to patch discovered vulnerabilities so you should install any updates as soon as they are released.

2. NEVER share your OTP code: As seen above, once you share your OTP code with someone, it’s game over. An OTP code verifies your identity and is the key to unlocking your WhatsApp account. Never share it with anyone.

3. Choose a strong password.. : Your password is a crucial line of defence in protecting your account and so it needs to be a strong one. Make sure it’s at least 8 characters in length and includes upper and lowercase letters, numbers and symbols.

4. …and then enable two-factor authentication: Don’t let perceived ease undermine your security. Enable two-factor authentication on your WhatsApp account: you’ll be asked to create a unique PIN that you’ll additionally need to enter to log into your account. This makes it much harder for criminals to hack your WhatsApp.

5. Verify information for yourself: It’s good to be suspicious on WhatsApp. Be wary of messages asking you to provide personal information and if you receive an ‘emergency’ message from a supposed friend or relative asking you for money, make sure you verify this by calling them via a different channel.
Don’t let criminals panic you into sending money or sensitive information without thinking it through first.

6. Be wary of links: Phishing links are a common scamming tactic but they’re popular because they’re very easy to fall for. Be cautious about clicking links. Don’t know the person sending you a link? Leave it alone. It’s also important to make sure you’re only installing apps from official app stores.

7. Stay alert for the latest attacks: Just like WhatsApp’s security team, scammers will be continuously updating their tactics so make sure you’re keeping abreast of the latest types of attacks. News outlets will report on new scams and it’s crucial to read past the headlines.

8. Keep work chats off WhatsApp: It’s tempting to use WhatsApp to help conduct business - it’s quick, easy and so many people already have it. But using messaging apps as shadow IT (tech used without the IT department’s approval or oversight) opens up an organisation to huge risk. Not only is there the possibility of human error in accidentally sending confidential, sensitive information to anyone in your contacts, it’s a goldmine for any criminal who gains access to your account.

The large, personal role WhatsApp plays in people’s lives and its power to connect anyone in the world makes the platform invaluable to scammers. Protect yourself from falling victim by following security best practice thinking very carefully about the messages you receive.

François Rodriguez is Chief Commercial Officer at RealTyme

Image: Eyestix Studio

You Might Also Read:

Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.