For as long as anyone can remember, the most effective scams have been the simple ones, because they can pass undetected and appeal to a large demographic.
Unsurprisingly, this also applies to cybercrime. Sometimes, you don’t need complicated malware to steal money from unsuspecting victims. All you need is some good old fashioned social engineering. In fact, it’s even more effective than a digital tool because it can fool even someone who’s familiar with technology and perfectly aware of cyber danger.
’Daughter told me she’d been given a new number’
This was also the case for Mrs. Paula Boughton, a woman from Devon, UK, who’s been described as “savvy with technology” and perfectly aware of online scamming.
Heightened awareness didn’t stop Mrs. Boughton from getting tricked into transferring almost £16,000 ($21,000) of her own savings to fraudsters posing as her daughter on WhatsApp.
“I received a text message from what I presumed was my daughter, Sam, asking me to delete the old phone number as she’d been given a new number,” Mrs. Boughton said.
It went on after a couple of lines of text to ask me if I would make a transaction for her, which I agreed to, if she sent me the sort code, the payee’s details, and the account number. I presumed it was my daughter, and I thought, well, because of the situation, I was able to do that. Only when Sam didn’t reply to say good night, I started suspecting something was wrong.”
Fortunately, the bank managed to revert the money transfer and Mrs. Boughton got her money back. Not all scam victims are as lucky, though, and many lose their entire life savings in a second.
How WhatsApp scams work, and how you can spot them.
With approximately 2.44 billion users worldwide it’s no surprise WhatsApp is a favorite of cybercriminals and scammers. The techniques they use generally aren’t very complex and usually involve some form of social engineering, so here’s a shortlist of the most popular WhatsApp scams.
1. The friend or relative in need who urgently needs money.
Just like in the case of Mrs. Boughton, scammers contact the victim, usually through SMS, and say they’re a close relative or a friend who lost their phone or changed their number. Once they’re added to WhatsApp and have gained the victim’s trust, the fraudster will ask for a money transfer. To make the scam convincing, criminals do a background check on their victim and use the information they got from a data breach (name, phone number, address, relatives) or stalk their victim on social media.
What to do: Always confirm the story with your friend or relative by contacting them through another channel. Never rush into transferring money to someone even if you know them very well. If it’s a scam, chances are you won’t get your money back.
2. Authorities requiring more information.
Like the previous scam, this one consists of an unknown number contacting you and claiming they’re a bank representative, a law enforcement officer, or a delivery company representative. They will ask for personal data, credentials, or even financial information. The goal here is to gather more information about you and use it to hijack your accounts or steal from your bank account.
What to do: Nobody is allowed to ask for your financial information or access credentials, not even bank officials or police. Moreover, it’s highly unlikely that officials would contact you via WhatsApp. Ask for further proof they are who they claim to be, and don’t give away vulnerable information.
3. The fake voucher offer.
You get a flashy message and a link to a well-known retailer. The message usually has poor grammar and informs you that you’re eligible for a huge discount or special offer. However, clicking the link takes you to a fake page impersonating the retailer’s website, where your credentials or financial information will be stolen. Alternatively, the link downloads malware onto your device and that malware steals your passwords and card information or takes over your device.
What to do: Don’t click on strange or suspicious links, even if they seem to come from friends. Confirm with your friends that they really sent you that message and watch out for offers that seem too good to be true.
4. The WhatsApp verification code.
You receive a text message with a six-digit WhatsApp code that you were not expecting and did not request. It’s the kind of code needed to set up a new account or log in to your existing account on a new device. Immediately after that, you’re contacted by a trusted contact on WhatsApp asking for the six-digit code. The story is they need that code to log in, and they sent it to you because they knew they can trust you. However, that security code is actually the code to your own account. If you send it, your account will get hijacked and used to ask for money or steal other accounts from your contact list. Your friend’s account was already hijacked and is now controlled by criminals.
What to do: Consider it a red flag if you receive a notification that somebody tried to log in to your account, or if you receive a security code you did not ask for. Don’t share your security codes with anyone and always verify strange requests from your contacts, even trusted contacts, using alternative channels.