Scams on WhatsApp have become quite frequent, and with each passing day cybercriminals create new ways to deceive users. In Brazil, 43% of messenger users claim to have already suffered attempted fraud in the application, according to a survey by Mobile Time and Opinion Box.
According to cybersecurity company ESET, most scams circulating on WhatsApp use so-called social engineering. The technique is used to manipulate the victim into believing what the scammer says.
Below, check out the eight most common scams on WhatsApp, according to ESET:
Fake brand birthday:
starts with a message sent saying that a brand is celebrating its birthday and is offering some gift or benefit with a link so the victim can access their prize. But before obtaining it, you must answer a questionnaire and, in order to continue, you must share the message with a certain number of contacts. However, the prize never materializes and the user is redirected to websites that display intrusive advertisements. In some cases, malicious campaigns ask the victim to download suspicious applications, which usually end up with the installation of some kind of adware, a type of malicious software that displays intrusive advertising and collects information from the victim.
False economic aid:
scammers take advantage of citizens’ economic needs to deceive them and steal their personal data such as name, date of birth, document number, nationality, among others, using the image and name of government agencies. In addition to being marketed on forums, this data is used by criminals to carry out other frauds. This scam usually starts with a message about a solidarity aid program for certain sectors of the population and invites those who meet the requirements to sign up and receive aid. Users must fill out a form, but this information is collected by whoever is behind the fraud.
Random scams to get personal data:
starts with a message from an unknown number, posing as a person the victim knows who is in another country with the aim of asking for help with a minor accident. Then the alleged acquaintance says that he is returning to the country and is having problems with his passport and could not board the plane, but that the bags left. Then, he asks if he could receive them and, if the victim accepts, the scammer asks for photos of his document from both sides to do the necessary procedure so that the victim can receive the non-existent bags.
Tools to spy on WhatsApp:
in Google search trends, the term “whatsapp spy” is highly searched, which shows an interest from users looking for a way to spy on third-party conversations. Scammers know this and many dubious websites promise spying solutions with the aim of collecting information from those who decide to try out these apps, extensions or online services.
WhatsApp account theft:
the victim receives a text message on her phone or via WhatsApp asking if she can forward the six-digit code that was mistakenly sent to her phone. The message could be from a contact who has lost access to their account or from an unknown number. If the unsuspecting victim accesses and forwards the code that arrived unexpectedly, they are likely to lose control of their WhatsApp account if they do not have two-factor authentication enabled. Another very frequent way that cybercriminals use to steal WhatsApp accounts is SIM Swapping, which goes beyond WhatsApp and allows the hijacking of other accounts, including banking credentials. This occurs when criminals manage to trick the telephone company and obtain a chip with the victim’s number, pretending to be the person. In this way, they take control of the phone line and the SMS with the verification code reaches the criminal.
WhatsApp Phishing Scams:
once they gain access, criminals use accounts in different ways. For example, impersonating victims. For this, they usually download their contact list, account profile picture and other relevant information in case they want to create a fake profile with another number. But scammers are also able to communicate directly through the stolen account with family and friends to request money for an alleged emergency or convince them to take some other action. In more sophisticated scams, criminals are able to understand how stolen data is connected between services, from accessing an email account. This is how they manage to carry out identity theft through WhatsApp.
Fake updates with new features for WhatsApp:
these scams refer to the release of a version of the application with new features. ESET has observed examples of these scams inviting the victim to download WhatsApp pink and other colors such as blue or names like WhatsApp Plus. Pink WhatsApp, for example, far from being a harmless campaign, downloads a Trojan on the victim’s cell phone.
Malware distribution via WhatsApp:
ESET analyzed malware that spread through the application and attempted to trick victims into downloading an application from a website posing as Google Play. Once the malicious app was installed, any message that reached the victim’s device was automatically responded to with personalized text, which included a link to download the fake app.
How not to fall for scams on WhatsApp
Despite being diverse, scams always use similar tactics to deceive users. Therefore, the tips to protect yourself are always the same. “The main recommendation is to learn to distrust”, summarizes Camilo Gutiérrez Amaya, Head of the Research Laboratory at ESET Latin America.
“Do not click on any links you receive or fill in any form that comes to you with personal information. The second thing is to enable two-factor authentication on WhatsApp and, if possible, using an authentication app and not SMS. account hijacking. In addition, it is advisable to have a security solution installed, configured and updated on the device, which makes it possible to identify and block malicious websites or files commonly used in this type of fraud”, guides the expert.