Why Are WhatsApp Users So Easy To Scam?

Uploaded on 2023-09-07 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Another day, another security alert. This time, it’s alleged that you can email WhatsApp with a phone number claiming the device has been stolen/lost and WhatsApp will deactivate the account. This can be from ANY email and ANY phone number.

Though the platform appears to be taking steps to address this flaw since it gained public attention, it’s an open invite for misuse.

Scammers are constantly and relentlessly targeting WhatsApp. With over 2 billion active users relying on WhatsApp for both personal and professional reasons, often sharing sensitive information on the basis of its end-to-end encryption, it’s an attractive target for criminals. It’s estimated that scammers using text messaging apps like WhatsApp sent 66 billion spam texts in 2022. These can be anything from “Friend in need” messages to messages impersonating two-factor authentication.

So why are WhatsApp users so easy to scam and what steps should you be taking to keep yourself safe?

The Vulnerability Of WhatsApp

As a messenger app - and the world’s most popular one at that - WhatsApp is fertile ground for impersonation scams. The infamous ‘hi Mum/ Dad’ scam, where criminals pose as a friend or relative of their victim and ask them to send money, cost UK victims £1.7 million across platforms, between the beginning of 2022 and mid-June 2023. WhatsApp is the preferred channel of attack for impersonation: TSB impersonation fraud data found that scam activity on Meta platforms led to 86% of cases reported to the bank in 2022, with WhatsApp representing two-thirds of those incidents.

And as generative AI grows in sophistication and popularity, there’s a fear these losses will climb. AI is already being used to mimic loved ones’ voices in order to extract money.

This isn’t the only impersonation scam hitting WhatsApp users. Another version involves criminals gaining the account of one of your contacts and messaging you purportedly as them. They’ll simultaneously be trying to log into your own WhatsApp account with your number, which means you’ll be sent a 6-digit code from WhatsApp. The scammer will then ask you to send that code, claiming it’s theirs and sent to you by accident, and gain control of your account.

Variations on this passcode scam include calling a victim and claiming to be a member of a shared group, often aided by false profile pictures and display names, and asking for the passcode under the guise that it’s a code for a group video call. However, the code is a registration code to allow your WhatsApp account to be ported over to another device. Users in India also recently suffered a flurry of group-based scams around World Yoga Day. Criminals would invite users to join yoga classes and send a link that, upon clicking, requests a 6-digit OTP (one time password) code, so victims unknowingly pass over a code that unlocks their account.  

Eight Tips To Protect Yourself

WhatsApp are attempting to shore up security: they’ve introduced a new ‘Silence Unknown Callers’ option and created a Privacy Checkup tool to take users step-by-step through its security features. But, unfortunately, it still falls to users to be aware of popular scams and take steps to protect themselves. Here are seven top tips to stay safe on WhatsApp.

1. Keep your WhatsApp updated:   Keeping apps like WhatsApp updated are about more than enjoying the latest user features. There’ll be important security updates included to patch discovered vulnerabilities so you should install any updates as soon as they are released.

2. NEVER share your OTP code:   As seen above, once you share your OTP code with someone, it’s game over. An OTP code verifies your identity and is the key to unlocking your WhatsApp account. Never share it with anyone.

3. Choose a strong password.. :   Your password is a crucial line of defence in protecting your account and so it needs to be a strong one. Make sure it’s at least 8 characters in length and includes upper and lowercase letters, numbers and symbols.

4. …and then enable two-factor authentication:   Don’t let perceived ease undermine your security. Enable two-factor authentication on your WhatsApp account: you’ll be asked to create a unique PIN that you’ll additionally need to enter to log into your account. This makes it much harder for criminals to hack your WhatsApp.


5. Verify information for yourself:    It’s good to be suspicious on WhatsApp. Be wary of messages asking you to provide personal information and if you receive an ‘emergency’ message from a supposed friend or relative asking you for money, make sure you verify this by calling them via a different channel.
Don’t let criminals panic you into sending money or sensitive information without thinking it through first.

6. Be wary of links:   Phishing links are a common scamming tactic but they’re popular because they’re very easy to fall for. Be cautious about clicking links. Don’t know the person sending you a link? Leave it alone. It’s also important to make sure you’re only installing apps from official app stores. 

7. Stay alert for the latest attacks:   Just like WhatsApp’s security team, scammers will be continuously updating their tactics so make sure you’re keeping abreast of the latest types of attacks. News outlets will report on new scams and it’s crucial to read past the headlines.

8. Keep work chats off WhatsApp:   It’s tempting to use WhatsApp to help conduct business - it’s quick, easy and so many people already have it. But using messaging apps as shadow IT (tech used without the IT department’s approval or oversight) opens up an organisation to huge risk. Not only is there the possibility of human error in accidentally sending confidential, sensitive information to anyone in your contacts, it’s a goldmine for any criminal who gains access to your account.

The large, personal role WhatsApp plays in people’s lives and its power to connect anyone in the world makes the platform invaluable to scammers. Protect yourself from falling victim by following security best practice thinking very carefully about the messages you receive.

François Rodriguez is Chief Commercial Officer at RealTyme

Image: Eyestix Studio

You Might Also Read:

Online Safety Bill UK: WhatsApp, Encryption & The Implications For Privacy:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Empower Your DaaS Programs
Navigating User Experience, Performance & Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

SafeTech Informatics & Consulting

SafeTech Informatics & Consulting

Safetech's OTShield detects, prevents and analyses cyber-attacks in SCADA and Industrial IoT systems by utilising state of the art deception techniques.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.