Don't Get Caught! The Top 10 WhatsApp Scams To Watch For In 2023
How are you protecting yourself against WhatsApp scams? It’s tempting to believe that you won’t fall prey to one of these schemes – but with fraudsters using increasingly sophisticated methods, there’s no guarantee.
The majority of these schemes are circulating on WhatsApp Messenger, but as more companies turn to WhatsApp Business for their daily interactions, we anticipate that more scammers will start to reach out to small businesses.
So how can you make sure you don’t fall victim to one of these attacks? Read on to discover the latest WhatsApp scams, how they play out, and what you can do to keep your personal information (and your money) safe.
How common are WhatsApp scams?
During the Covid-19 lockdowns reports of WhatsApp scams soared by more than 2000%, according to Lloyds Bank.
Just one scam – the ‘friend in need’ – cost victims a total of £1.5m in less than five months in 2022, as reported by Action Fraud.
The most common scams to watch out for on WhatsApp in 2023
This isn't an exhaustive list as scammers always seem to be coming up with new tricks, but it does cover the most common WhatsApp scams to keep an eye out for.
1. The ‘friend or family member in need’ scam
Nothing tugs at the heartstrings like a plea for help from a family member – and criminals know how to exploit this emotional connection for their own gain.
The conversation generally begins ‘Hi Mum’ or ‘Hi Dad’ and goes on to claim that the family member has lost their phone and has bought a new one, as a way to explain the unidentified number.
They’ll then ask for money for various purposes, such as paying an urgent bill or dealing with an emergency. The victim will be tricked into transferring money into the fraudster’s bank account. Sometimes the scammer will pretend that they’ve been locked out of their online banking app to justify using a different bank account.
What you can do: If you receive an unusual request over WhatsApp, speak to your friend or family member on the phone to verify their identity and confirm their bank details verbally before sending any money. Note that elderly or less technology-savvy people can be especially susceptible to this type of scam, so ensure you make it clear to more senior friends and family how you will (and won't) try to contact them!
2. Job offer scams
Recruiters do use WhatsApp to get in touch with potential new hires – but if you receive a message out of the blue offering unrealistic salaries or working arrangements, it’s probably too good to be true.
Scammers often claim to offer flexible, well-paid, remote work, but will ask for personal information or a fee in order to proceed with an application. The victim may transfer money, or provide personal details that the scammer will use for identity theft.
What you can do: Be alert when dealing with any unexpected contact from recruiters, and look out for the signs that something isn’t right. Do you recognise the number? Do the terms of employment sound realistic? Does the message contain spelling errors? If you suspect the message is fraudulent, block the number and don’t click on any links.
3. Romance scams
Romance scams prey on users looking to find love, with scammers impersonating a genuine romantic interest on popular dating apps such as Tinder, eHarmony or Hinge, before moving the conversation over to WhatsApp. This switch builds trust in the relationship and can feel more ‘real’ to an unsuspecting victim.
Sometimes the fraudsters ask outright for money, travel tickets or gift cards, but other times they try to convince the victim to invest in cryptocurrency, promising a risk-free return on your money. This form of investment fraud is very difficult to trace or reverse. In reality, all the money that’s ‘invested’ goes straight into the scammer's bank account – and you never see a penny in return.
What you can do: Research any potential romantic partners thoroughly before interacting with them – it can be helpful to do a Google search of their name and their image, and cross referencing against any social media platforms to make sure that their story adds up. Genuine romantic partners are unlikely to ask you to send them money, so treat any requests with suspicion.
4. Call forwarding scams
These attacks attempt to take over your WhatsApp account using a call forwarding trick. WhatsApp is end-to-end encrypted and messages are stored on your device, so scammers can’t access past conversations – but if they can trigger call forwarding, they can verify your account on another phone.
First, the scammer places a phone call to you, convincing you to call a number that begins with a star (*) or hash symbol (#) – called MMI (Man Machine Interface) codes. This sends a one-time password (OTP) allowing the attacker to verify your account on their phone.
Once your account has been hijacked, the scammer might message your family and friends asking for money, or access sensitive information sent over WhatsApp.
What you can do: Avoid calls from unknown numbers on WhatsApp. If you do pick up, be wary of strangers asking you to call another number. Scammers often try to rush victims into acting quickly, so take a moment to think. How can you be sure the caller is who they say they are?
5. Lottery scams
We all dream of winning big – and fraudsters take advantage of those hopes using lottery win schemes. Scammers send a message informing you of a large win and asking you for personal information, such as passports or driving licences, or asking you to pay a fee to get your hands on the money. Sometimes they might say it's a prize draw (see below) or even a gambling win!
Cybercriminals often rush victims to respond quickly or risk losing the win, and ask them to keep it a secret from family and friends. It’s worth remembering that genuine lotteries love publicity, and won’t enforce a short timeframe to collect winnings.
What you can do: Ignore or report any ‘lottery win’ messages on WhatsApp. If you haven’t entered a lottery, you can’t win. If you have entered a lottery, check the company’s website to see how they normally get in touch with winners.
6. QR code scams
This scam operates similarly to the lottery scam above, with the fraudster informing the victim of an enticing win, then requesting a fee in return for prize money. They send over a QR code to facilitate payment, which then prompts the victim to enter a PIN. This grants the scammer access to your mobile wallets, so they can steal money from your bank accounts.
This scam takes advantage of the visual difference between QR codes and links, but while they look different, the result is the same.
What you can do: Treat QR codes with the same suspicion as you’d treat unknown links, and be wary of any unanticipated messages that request payment for prize money.
7. WhatsApp Gold scams
The WhatsApp Gold scam has been around since 2016. Fraudsters send an invitation to ‘upgrade’ to a premium version of the messaging service called WhatsApp Gold – which doesn’t exist. When a victim clicks on the download link, malware is installed on their device and used by the scammer to access sensitive information.
Bizarrely, a twist on this scam exists which urges victims not to open videos titled ‘Dance of the Pope’ or ‘Martinelli’, which it claims will also install malware on your phone. Victims are encouraged to forward copies to their phone contacts, operating in a similar way to chain letters.
What you can do: Don’t forward any messages that use scare tactics to your contacts, and if you receive an invitation to WhatsApp Gold, delete it immediately without clicking the links.
8. Fake giveaways and surveys
Big brands go to great lengths to develop trust with their customers – and scammers exploit that confidence to steal your personal information.
Scammers often impersonate legitimate companies such as Amazon or Apple with a message that asks the victim to fill in a survey in order to be entered into a prize draw or receive a gift card. In reality, the link asks you to enter your personal information into the survey format, which the scammer may use to impersonate you and commit fraud.
What you can do: Ignore any messages from companies that you have not requested notifications from. If the company is one that you have signed up with, use their website to verify competitions and prizes before you click.
9. WhatsApp verification code scams
Verifying your WhatsApp Business account is quick, easy and secure – as long as you have the WhatsApp verification code.
Unfortunately, scammers will often try to convince you to share the verification code with them. First, you’ll receive a verification code despite not having asked for one. Next, a scammer will get in contact and say that they accidentally sent it to your phone, asking you to forward the code onto them. Once they have the code, they can verify your account on their device and lock you out.
What you can do: Never share your verification code with others. If you receive a verification code without requesting it, you’re likely being targeted by this scam.
10. WhatsApp tech support scams
Scammers are also posing as technical support team members in order to dupe you into sharing your WhatsApp verification code, personal information or bank details. Typically the scheme starts with a message informing you of a problem with your WhatsApp account, and offering to help fix it. The scammers might try to rush you into action by telling you that you might be locked out of your account if you don’t reply quickly.
Look carefully at the placement of the green ‘verified’ tick – if it’s genuine, it will appear next to the verified contact’s name. Scammers have been known to add a tick to their profile photo to garner trust with their targets.
What you can do: Be wary of any account getting in touch out of the blue to help you fix an issue you haven’t asked for help with. The WhatsApp tech support team will never ask you to pay a fee or share sensitive information or verification codes via the app, so if you receive a request, block and report the contact.
How can I stay safe on WhatsApp?
Follow these top tips to keep your WhatsApp Business account secure:
- Stop and think before responding to an unexpected message, even if the scammer is pressuring you to reply quickly
- Question all unusual requests for money
- Set up a ‘password’ with family and friends, to be used in the case of emergency contact from an unknown number
- Verify the identity of anyone getting in touch from unfamiliar numbers via a known contact method, such as phone call
- Set up two-factor authentication on your WhatsApp Business account
Always make sure that you block any suspicious messages as well as reporting them directly to WhatsApp.
Is WhatsApp Business secure?
WhatsApp takes privacy and security very seriously, and protects all messages with end-to-end encryption. That said, it pays to be alert to the ever-evolving tactics of cybercriminals to ensure you don’t fall foul of these scams on WhatsApp, or any other platform for that matter!