With more than 2 billion users globally and 23 million users in South Africa, WhatsApp continues to dominate as one of the world’s most popular social messaging platforms. It’s also a popular platform for scammers looking to cash in quickly by using social engineering tactics to trick users into revealing personal information, downloading malware, or making payments to fraudulent accounts, says Carey van Vlaanderen, CEO of ESET Southern Africa.
Built-in security measures vs social engineering
WhatsApp offers various security measures to reduce the risks associated with using the platform, including end-to-end encryption, two-step verification, user reporting and blocking, and biometric lock and unlock. However, it's important to note that these measures are not 100% foolproof which means it cannot guarantee protection against user error. As a result, there are some threats which can still pose a risk to users.
WhatsApp scams are usually social engineering scams, which can be difficult for users to detect as they often rely on exploiting human vulnerabilities rather than technical vulnerabilities. This makes it important for users to be skeptical of unsolicited messages or requests for personal information, and to verify the authenticity of any communication or offer before doing anything else.
What do users need to look out for, to avoid getting scammed? What are the most common types of WhatsApp scams?
Phishing scams: Fraudsters send messages that appear to be from a legitimate source, like a WhatsApp business account of a retailer, insurer or bank, and ask the victim to click on a link or provide personal information.
Pretexting scams: Scammers spin a false narrative or use a pretext to gain the victim's trust, such as pretending to be a customer service representative or a co-worker, and then asking for sensitive information.
Baiting scams: Users are offered something of value, such as a free gift, discount or prize, in exchange for personal information or actions, such as clicking on a link or downloading a file. Recently a major retailer published a scam alert of a fake WhatsApp message and website notifying customers that they could win R4000 in cash.
Scareware scams: Attackers create a sense of urgency or fear to manipulate the victim into taking immediate action, such as downloading fake antivirus software or paying a ransom to avoid legal consequences. Scammers have even posed as SARS employees, creating the impression that urgent action is required to avoid tax penalties or to claim a tax refund. Clicking the link in the message usually downloads a Trojan, which the scammer can use to hijack your mobile device.
Fake job offers: Scammers send messages claiming to offer job opportunities and ask users to pay a fee or provide personal information to secure the job.
Investment scams: Scammers send messages offering high returns on investment and ask users to transfer money to fraudulent accounts.
Romance scams: Con artists create fake profiles on WhatsApp and other dating apps to establish a relationship with users and then ask for money or personal information.
It's important to be aware of these scams and take necessary precautions to protect yourself from them. It’s just as important to make sure your friends and loved ones are informed about the dangers of communicating with unknown numbers.
Here are some tips to protect yourself from WhatsApp scams:
1. Be wary of unsolicited messages: If you receive a message from an unknown number or a group you didn't join, be cautious. Don't click on any links or download any attachments in such messages.
2. Verify the source: If you receive a message from a known contact, but it seems suspicious, verify (either by a phone call or using another social platform) with the person before clicking on any links or downloading any attachments. Scammers often use other people’s hacked accounts to send fraudulent messages to their contacts.
3. Don't share personal information: Don't share any personal information like bank account details, passwords, or other sensitive information on WhatsApp, even if the request appears to be coming from a trusted source.
4. Enable two-step verification: Two-step verification adds an extra layer of security to your account. Enable this feature in WhatsApp by going to Settings > Account > Two-step verification.
5. Keep your WhatsApp app updated: Make sure you have the latest version of WhatsApp installed on your device. Updates often include security fixes and other enhancements that can help protect you from scams.
6. Be vigilant: If something seems too good to be true, it probably is. Don't fall for scams that promise you free gifts or money in exchange for personal information.
7. Use trusted antivirus software: Install reputable antivirus software on your device to protect yourself from malware and other security threats.
No such thing as ‘too cautious’
By following these tips and always erring on the side of caution, you can protect yourself from WhatsApp scams and keep your personal information safe from scammers and swindlers. As the saying goes ‘better safe, than sorry’.
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defences in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centres worldwide, working in support of our shared future. For more information, visit www.eset.com/za or follow us on LinkedIn, Facebook, and Instagram.