It’s probably no shock that WhatsApp is one of the most popular messaging apps in the world. It’s so popular, in fact, that people outside the US and Canada will often prefer it over their phones’ built-in SMS apps. But this situation has also made it a big target for scammers, so here’s what you need to know about some of the most common WhatsApp scams and how to stay safe.
10 Common WhatsApp Scams and How to Avoid Them
Edgar Cervantes / Android Authority
1. “WhatsApp Gold”
In this one, an unsolicited message claims that you have been invited to use WhatsApp Gold, an upgraded app with new features. There’s no Gold app, of course, and tapping the download link will either subject you to a phishing attack — in which a fake website tricks you into sharing private information — or malware that risks infecting your device. to infect. That risk is very low as long as you keep your device up to date.
Because most WhatsApp users are aware that there is no Gold upgrade, this scam should not be much of a threat, but it is further identifiable by the URL (web address) the scammer sends – a real link will take you to the Google Play Store or Apple App Store, or at least whatsapp.com.
2. Fake friend/family emergency
This scam involves someone pretending to be a friend or family member of yours sending messages from a new phone number. Chats may seem innocent at first, but the person will eventually steer the conversation to ask for money, or perhaps share private information that can be used to spoof your identity. They will use a fake emergency as an excuse.
If you are concerned that there may be a legitimate emergency, ask the person for details that should confirm their identity. This could be something like their supposedly defunct phone number, or a personal fact that isn’t posted online. If the person can’t answer anything, it’s a scam.
3. Free gift cards/vouchers
Matt Horne / Android Authority
It should be obvious, but companies don’t send free gift cards to random people on WhatsApp because there’s no profit to be made. If you tap the link asking you to claim your card (or a voucher), you’ll be faced with a phishing or malware attack and get nothing in return.
There isn’t much more to say about this one, but a general rule of thumb for avoiding scams is that if something looks to good to be true, it probably is. Fake gift card URLs also tend not to match the company they are supposed to represent.
4. Unsolicited QR codes
It’s really just a variant of other scams, substituting a QR code that you have to scan in place of a link that you’re expected to type. There can be many excuses for scanning it, but no matter which one the scammer chooses, you’ll still be taken to a URL that exposes you to phishing or malware.
If an unknown contact sends you a QR code, just ignore it. This is a way to camouflage a fake URL. You’re meant to scan legitimate QR codes on TVs, monitors, boxes, manuals, or actual signs, since in messaging apps there’s no reason why someone wouldn’t just share a URL directly.
5. Technical support/verification
Here, someone pretends to be a representative at WhatsApp (or another big tech company) asking you to verify an account. They may or may not ask for data directly, but whether you share it in chat or via a phishing site, the scammer’s goal is likely to be to hijack your account and/or extract useful details.
Because of the likelihood of this kind of scam, WhatsApp and other tech firms don’t actually contact users this way. If some sort of account verification is required, it will likely be initiated by you, and in the case of WhatsApp specifically, verification is handled by phone calls, SMS, or iCloud Keychain. You will not get a message in WhatsApp itself.
6. Two-step verification “errors”
It’s unlikely you’ll come across this one, but someone might send you a message claiming they’ve done two-step verification (2sV) and accidentally sent the verification code to your phone number. If you did get a code, don’t share it – since WhatsApp accounts are based on phone numbers, you might be giving them the exact thing they need to hijack your account.
If you encounter this scam, go ahead and change your 2SV PIN as soon as possible to ensure that hackers are excluded. Don’t choose numbers that are easy to guess.
7. Fake lotteries and giveaways
It’s identical to a gift card/voucher scam, except the criminal claims you’ve been selected for a prize. To claim it, you’re supposed to tap a link, but you’ll only be exposing yourself to phishing or malware.
This is another example of the “too good to be true” rule, but a little more food for thought is that legitimate sweepstakes and giveaways tend to operate publicly, not by messaging people individually. Organizers will certainly not notify winners via an app that they cannot guarantee anyone will have.
8. Crypto and other investment scams
Edgar Cervantes / Android Authority
Yes, real people have made honest fortunes with cryptocurrencies like Bitcoin, but if you are approached by someone on WhatsApp claiming that you can make a huge profit after providing a small initial investment, they are going to take the money and run. The same is true if they are peddling a “secret” guide to crypto investing.
You may come across other investment-related scams on WhatsApp, but they tend to follow a similar template. Before making any significant investment, research the product and its risks, and only pull the trigger through well-established platforms. Also, be prepared for risk – cryptocurrencies in particular are volatile, so if the market turns south, you could be out thousands of dollars or more.
9. Romance/catfish and prostitution scams
Although this is more likely with services like Instagram, there is still the possibility that you will be approached by a stranger offering prostitution services. Whether prostitution is legal in your region or not, statements on WhatsApp are likely to be fraudulent, or simply another way to get you to click on a phishing or malware link.
Almost more insidious is a romance/catfish scam. It involves a long deception, which creates the illusion of an authentic relationship, even though you don’t actually know the person that well. Once the time is right, the scammer will fabricate some kind of emergency that involves you sending money to help.
Even intelligent people can be taken in by a romance scam, but being a good skeptic will help. If a scammer has any social media profiles at all, they may have few if any friends on their networks and use stolen photos. Use a reverse image search tool like TinEye to catch them. And before you get emotionally invested in someone, insist on a video call and/or meeting in public. If they keep coming up with excuses to avoid it, you are being scammed.
10. Fake donation schemes
To take things to an even deeper low, this type of scam asks for money with the promise that it will help a good cause – anything from personal surgery or disaster relief to supporting a church, mosque, temple, political party or other ideological group. Once the scammer has your money, the “charity” vanishes into thin air.
You can avoid becoming a victim by refusing to donate to unknown contacts or tap on any links they share. A reliable charity always works in public instead of contacting people one-on-one on messaging apps. As with many WhatsApp scams, it is best not to reply at all, as this can only confirm that your phone number is valid and you are a potential victim.
What to do if you are scammed on WhatsApp
Stop any interactions with the suspected scammer first, but take as many screenshots as possible. This may help not only in interacting with WhatsApp’s moderation team, but in any complaints you make to the police (more on this in a moment).
The next step is to block the scammer and log in to WhatsApp. Moderators will receive the last 5 messages sent to you by the other person, whether they include text, photos or video. At that point, you’ll have to wait for the company to respond, but if they accept your report, the scammer’s account should be kicked off the service.
In more serious circumstances, it may be worth reporting an incident to the local police as well. There may not be much they can do without personally identifiable information, or if the scammer is in another country, but it will at least put the scam on the police radar and increase the chances of eventual action. Remember, you probably weren’t the only target.
You may also need to check your privacy and security settings. The less publicly visible your WhatsApp information is, the better, and you should definitely have two-step verification as a fallback.
How to stay safe on WhatsApp
Edgar Cervantes / Android Authority
Skepticism is your best ally. You should automatically be wary of messages from people you don’t know, and/or who claim to be someone you know, but are strangely aggressive or want something ahead of time. Unless they’re pulling a long con, scammers don’t want to waste time with small talk.
Always avoid clicking on links from unknown contacts, as these are likely phishing attempts or the distribution of malware. You will note that the URLs for these links differ from those used by the companies they are intended to mimic.
Finally, as we’ve mentioned a few times, the “too good to be true” rule applies. Does anyone claim you can make a fortune from Bitcoin in a few days? Probably fake. Similarly, the chance of the love of your life sending you messages out of the blue is extremely low.
Frequently Asked Questions
There are many possibilities. You may have it somewhere on a social media profile, such as Facebook, and have left that profile public. It can also be listed in a WhatsApp group, or somewhere else on the web. The person can simply bomb every number in a specific area code, hoping to get lucky.
They can potentially hijack your account, especially if you haven’t activated two-step verification (2SV).
Not usually anyway. They’re most likely using fake or anonymous details, and while you can try to message them, they’ll probably just ignore or block you if they haven’t already switched to another account. You may be able to use a reverse phone lookup service if their number was not a burner.
Possibly, but there’s no good reason for it, and you might signal that you’re someone who could be targeted in future scams. Telling off a spammer isn’t going to stop them.
Yes, at least if you’re in a group or individual chat, or if you’re saved in someone’s contacts. This does create a vulnerability, but also means that scammers (or other malicious actors) cannot hide behind an anonymous username.
Commentary
Disclaimer for Uncirculars, with a Touch of Personality:
While we love diving into the exciting world of crypto here at Uncirculars, remember that this post, and all our content, is purely for your information and exploration. Think of it as your crypto compass, pointing you in the right direction to do your own research and make informed decisions.
No legal, tax, investment, or financial advice should be inferred from these pixels. We’re not fortune tellers or stockbrokers, just passionate crypto enthusiasts sharing our knowledge.
And just like that rollercoaster ride in your favorite DeFi protocol, past performance isn’t a guarantee of future thrills. The value of crypto assets can be as unpredictable as a moon landing, so buckle up and do your due diligence before taking the plunge.
Ultimately, any crypto adventure you embark on is yours alone. We’re just happy to be your crypto companion, cheering you on from the sidelines (and maybe sharing some snacks along the way). So research, explore, and remember, with a little knowledge and a lot of curiosity, you can navigate the crypto cosmos like a pro!
UnCirculars – Cutting through the noise, delivering unbiased crypto news
