WhatsApp Scams: What is WhatsApp Fraud and How Do You Prevent It?

WhatsApp Fraud: What Is it and How Do You Prevent It?

Nowadays, online safety is all but a given. Even a hugely popular online communication platform like WhatsApp, which is owned by Facebook, has become a favorite tramping ground for fraudsters. This is not surprising, considering the enormous number of WhatsApp users, which as of February 2020 stood at over 2 billion users worldwide, and counting. If you add to this the fact that, for various reasons, the majority of WhatsApp users are vulnerable when online, WhatsApp has become an irresistible platform for fraudsters. Furthermore, users have become more vulnerable over time, since the tactics used by scammers are becoming more and more ingenious and more effective.

As a result, WhatsApp fraud is on the rise, causing each victim, on average, thousands of dollars in losses. In the first half of 2020 the total number of fraud reports increased sharply, with only a very small number of fraud offences resulting in prosecution. Needless to say, it is therefore important to know what WhatsApp fraud is, how to recognize Whatsapp scams and how to prevent them. This is exactly what this article is all about.

What is WhatsApp fraud (friend or family emergency scam)?

Whatsapp-LogoWhatsApp fraud is a form of fraud in which cybercriminals pretend to be a victim’s acquaintance and then ask them for money. Currently, most of those criminals pose as a friend or family member and ask for financial help because “they urgently have to pay a (high) bill” or “they have an emergency and urgently need some money”.

Usually, the perpetrators pretend to be in a hurry, most likely to entice their victims to take immediate action. That is why this type of fraud is also referred to as a friend or family emergency scam. Sadly, on average victims loose thousands of dollars to WhatsApp scams. Age also seems to be a factor, with most of the victims being over 50 years old.

In most cases the phone number used by the criminal to commit WhatsApp fraud is unknown to the victim, yet the attached profile picture is familiar. Consequently, the victim thinks that he or she is indeed communicating with a friend or family member. However, criminals can easily copy a photo from other social media platforms, such as Facebook or Instagram. The same applies to other information that can be used to mislead the victim. Like the vocabulary an individual may use, or certain events the individual may have posted about online (“Should’ve asked you for help when we were in that bar yesterday…”).

Today an even more misleading form of WhatsApp fraud is emerging, known as WhatsApp hijacking. With this type of fraud, actual WhatsApp accounts are being taken over by fraudsters.

Advanced WhatsApp scam: WhatsApp hijacking

WhatsApp hijacking occurs when a cybercriminal breaks into a victim’s WhatsApp account to commit fraud. Because the fraudster is using a friend’s actual account, their demand for quick cash is more credible to the victim.

For an experienced, or even an inexperienced, cybercriminal, breaking into someone’s WhatsApp account is easier than it sounds. The following scenario may sound unlikely or overly complicated to some, but it happens more often than you think. This is how it is done:

  1. The fraudster obtains the telephone number of his first victim.
  2. The cybercriminal (re)installs WhatsApp on his phone or another device.
  3. The criminal contacts the victim, impersonating an acquaintance of the victim.
  4. The WhatsApp fraudster lies to the victim, saying that they have accidentally sent their verification code to the victim.
  5. The cybercriminal tricks the victim into giving them the verification code, which they then type it into their own phone thus gaining access to the victim’s WhatsApp account and all the victim’s contacts.

WhatsApp fraud and voicemail box hijacking

smartphone-voicemail-iconAnother common trick to gain access to a victim’s WhatsApp account involves breaking into a victim’s voicemail box to steal the WhatsApp verification code. When WhatsApp is (re)installed, the app sends a text message to the specified phone number with the verification code. However, the cybercriminal can indicate that he/she has not received the code and ask to receive a call instead, knowing that WhatsApp will call the victim within minutes. The fraudster will then call the victim’s phone number at exactly the same time. Since the victim is on the phone, the verification code is sent to the victim’s voicemail box instead.

The problem in this scenario is that many people fail to properly secure their voicemail box. They often leave the default password unchanged, which is usually set to either “1111” or “0000”. Or they change the password to a predictable number combination, such as “1234”. With such simple security codes, it is extremely easy for cybercriminals to break into a victim’s voicemail and retrieve the WhatsApp verification code.

Once the fraudster has gained control over the first victim’s account, defrauding the victim’s contacts and even taking over their accounts is often a breeze. This is because the fraudster is then able to approach their next victim with the name, profile picture and even the phone number of someone the victim knows and trusts. This makes this form of fraud very credible and often difficult to spot.

This type of fraud starts with only one account being taken over and defrauding a few contacts of the victim but can have a rapidly escalating snowball effect. This is because the fraud network expands exponentially with every step, as every account takeover unveils many new contacts to trick into handing over valuable account details or money.

How do you recognize WhatsApp fraud?

WhatsApp fraud can be very difficult to spot, especially when the fraudster has taken over the WhatsApp account of a person that is known to the victim. Nevertheless, there are often signs that should cause alarm bells to go off and indicate that you could be dealing with a criminal. Admittedly, these signs can be subtle.

In a rush

A reoccurring sign is a sense of haste. Fraudsters pretend to be in a rush and are very good at getting their victims flustered, putting pressure on them to act quickly and pay as soon as possible. A real‑life example of such fraud being perpetrated is a conversation held in the past between a father and his supposed son. In this instance, the fraudster pretended to be the victim’s son and told the victim that he had two bills that were overdue, and asked his “dad” to advance him some money.

Another possible scenario could go as follows. You unexpectedly hear from a supposed friend or acquaintance. They tell you that they have a new number. In the same message, or in a message sent shortly after, they ask you for some money. Of course, the account number to which you are to send the money is unknown to you, as most people don’t know their contact’s account details anyway. Furthermore, most people don’t have the time to go through the hassle of verifying account numbers.

So remember, if someone tells you he or she has a new number and the receipt of this information coincides with a request for money, this is most likely a scam. This is especially so if the person is not well known to you. Or, exactly the opposite, you know the person very well and the demand is completely out of character.

The WhatsApp scammer never wants to have a phone call

smartphone-with-telephone-iconOf course, the previous red flags may be less obvious when the WhatsApp account of a person known to you has been hijacked. Another tell-tale sign is when the scammer does not want you to call them, even when you ask or tell them that you would prefer to discuss this first over the phone. The fraudster will often have a whole series of very convincing excuses as to why calling is not possible. Of course, this is because if you would call the scammer, and hear their voice, they risk being exposed.

Another give-away is poor English. Watch out for messages that include strange misspellings or grammatical mistakes. Some (WhatsApp) fraudsters live abroad, often in less prosperous countries, and/or are not well educated. Such criminals often rely on translation apps or tools, such as Google Translate. If this is the case, you will usually notice that the language used is “a bit off”. Again, alarm bells should start ringing. Keep in mind that catfishing is also rampant on WhatsApp.

Payment requests to unknown/unlisted accounts

Usually, cybercriminals will ask you to make a direct transfer to an unknown account, often a conduit account used by criminals to quickly move money to a string of other accounts. Or they may ask you to transfer money via PayPal, Facebook Messenger Payments, Google Pay, Apple Pay Cash or apps such as Cash App or Venmo (PayPal’s Mobile payment service). Alarm bells should go off in this instance as well, especially if the payment method requested is not familiar to you.

In any case, it is wise to double check and be suspicious when responding to these types of payment requests. In many cases, you cannot see or verify the account number. And although the above payment systems have security measures in place, it is still possible to create fake accounts that work as conduit bank accounts. Some apps also support Bitcoin payments. Unfortunately, there is no way of verifying whether the person you are transferring money to is indeed someone you know.

Even worse, if a scammer has somehow gotten hold of a friend’s or acquaintance’s personal details, like a utility bill or some other form of identity confirmation (these can even be counterfeited), and that person does not already have, let’s say, a PayPal account, the fraudster can open a fake or stealth PayPal account in their name.

PayPal stealth accounts can be created under any name. Stealth accounts can be accessed via a specific country’s or location’s IP address, by using a dedicated IP VPN, for example, which can be verified by a virtual bank account or virtual visa card. All of which can easily be set-up by cybercriminals.

If you can see the account number, it is wise to ensure that the account number matches the number that you have for that person. Maybe you have made a transfer to your friend, family member or acquaintance before? If that is the case, you can look up the account number that you used for a previous payment using your online banking app.

What also happens sometimes, is that the scammer gives you the account number of the person they allegedly owe the money to. They will then ask you to transfer the money directly to this account. To give their demand some credibility, they may, for example, tell you they have difficulties transferring the money themselves, citing some sort of error message and asking you to try “because it’s urgent and important that the money is paid on time”. In most cases, the cited accounts are fraudulent conduit accounts and the final destination is difficult to trace.

Summary of tell-tale signs of WhatsApp scams

Above we have described the tell-tale signs that indicate that you are potentially dealing with a WhatsApp fraudster. We recommend that you read this information carefully to familiarize yourself with the way these cybercriminals work, so that hopefully you do not fall into their traps. Below is a brief summary of the mentioned signs:

  • The scammer conveys a sense of urgency and tries to convince you or pressures you to pay quickly (this is almost always the case)
  • The cybercriminal sends you a WhatsApp message from an unknown phone number (only occurs if the criminal has not hijacked someone’s WhatsApp account)
  • The scammer informs you that their number has changed and, almost immediately, starts talking about money (once again, this only occurs if the criminal has not hijacked someone’s WhatsApp account)
  • The fraudster’s messages are written in poor English, as often the fraudster’s mother tongue is not English or they are not well educated
  • The criminal does not want to be called
  • The fraudster asks you to transfer money to an unknown account or uses an app that does not show account numbers at all (such as PayPal or Venmo)

How do you prevent WhatsApp fraud and/or hijacking?

Although it is important to understand what WhatsApp fraud is and what the tell-tale signs of WhatsApp fraud are, you also need to know how to prevent this type of fraud. To protect yourself and your contacts from WhatsApp fraud, we recommend you follow the guidelines below.

Tips to prevent WhatsApp fraud

  • If you receive a message from someone who is asking for money, first check whether the number is correct. If one of your friends or acquaintances suddenly has a new number and asks you for money, you should find this, at the very least, suspicious
  • Pause for a moment and check the language and communication style of the message. Is it different/worse than usual? If so, there is a fair chance you are dealing with a WhatsApp scam
  • Try to call the number of the person asking for money. If it is a scammer, they will probably be quickly exposed!
  • If the fraudster does not pick up, try to call the “old” number you have for your friend or acquaintance, or contact them in a different way (e.g. e-mail, SMS, etc) to verify the story
  • Don’t let the fraudster pressure you. Think logically and keep calm. If someone asks you for money to cover an urgent debt with, for instance, an energy supplier or government agency, ask yourself how likely is that a few hours delay would matter.
  • If you are suspicious, ask the scammer a question only your friend or acquaintance would know the answer to.
  • Secure your voicemail with an unpredictable secure, personal code that only you would know. This makes it more difficult for WhatsApp fraudsters to access your voicemail box to retrieve a WhatsApp verification code.
  • If someone asks you to send a verification code, never send it without question. Always seek contact with the person you think you are talking to in a different way. The above is important if the person requesting the verification code is unknown to you. Keep in mind that if a person needs a verification code, they could simply request it again from WhatsApp instead of contacting you.
  • Set up “2-Factor Authentication” on WhatsApp. Once this is setup, if installing WhatsApp on a new device, WhatsApp will request the 6-digit code you have set as well as the verification they send you. This will make account hijacking much more difficult to achieve.

Smart WhatsApp usage protects you and your contacts

Remember that the tips provided above are not only important to protect yourself. If criminals manage to hijack your WhatsApp account, they can easily scam your contacts and possibly take over the accounts of your friends and family as well. If you have been less diligent in securing your account and your friends lose thousands of dollars in the process, they might not be talking to you for a while… By following the tips above you protect yourself and your contacts!

I’ve been a Victim of WhatsApp fraud, what can I do?

Being a victim of WhatsApp fraud is unsettling, to say the least. However, try to remain calm. If you realize that you have become the victim of a scam shortly after you have transferred money, you may be able to reverse the payment. In some countries and with certain banks, depending at what stage your transfer is at, you may be able to stop a transfer that has just been made or reverse the payment. However, depending on the circumstances, you might need to act quickly to get your money back.

Wire transfers are usually harder to recover, as they leave your account immediately and are also available for withdrawal immediately. Conduit accounts, for example, are usually emptied out straight away. Furthermore, things can get extra tricky if you have used an online payment service or payment app.

Whatever the scenario or the payment service used, always inform your bank. In the father and son example provided above, the father called his bank and eventually got his money back. Because he contacted his bank quickly, the bank was able to reverse the transfer.

If you have been the victim of fraud and reported it, there is a chance you will get your money back. Again, this may depend on your bank, country of residence, as well as local codes of practice or regulations. In the US, for example, most major banks signed a voluntary code of practice to reimburse victims unless “they ignored their bank’s warnings” or were “grossly negligent”. However, this does not mean they are obliged to issue a refund if you have been tricked into making a payment.

Even when the bank cannot reverse the transfer or does not issue a refund, they would still investigate the fraud claim. This is done to verify the claim and to determine what happened and how it happened. The bank may then in turn warn other customers and protect you and them from future fraud.

It is of utmost importance that you report WhatsApp fraud or WhatsApp hijacking to the police and/or the relevant agency in your country of residence. For example, if you live in the US, contact the FBI’s Internet Crime Complaint Center (IC3), and Action Fraud, if you live in the UK.

You should also report any scam or the receipt of a message from an unknown number to WhatsApp, so that they can warn other WhatsApp users. This can be done very simply from within the app itself. Please refer to our FAQ section below for further information on how to do this.

Finally, we suggest you report the scam to AnyScam, the free scammer reporting service from SCARS Global Fraud Clearinghouse, a worldwide non-profit organization that provides online support and assistance to victims of crime. Some countries also have national help groups for victims of fraud or fraud helpdesks. They can help you deal with the process you go through when you become a victim of fraud and can help prevent future fraud.

WhatsApp Fraud: frequently asked questions

Do you have a question about WhatsApp fraud? Read our FAQs below.

WhatsApp fraud is a WhatsApp scam, in which a cybercriminal pretends to be someone you know and asks you for money. Usually the scammer claims he or she needs the money urgently to pay an overdue bill. That is why this is often referred to as a friend or family emergence scam. Do you want to know more? Read this in-depth article about WhatsApp fraud.

It is not always easy to spot WhatsApp fraud and especially WhatsApp hijacking, as the tell-tale signs vary widely. However, the following are definite red flags:

  • you have a feeling of being rushed
  • the scammer does not want you to call them
  • the fraudster asks you to transfer money via a payment service or payment app you may not be familiar with or asks you to transfer money to an unknown account

WhatsApp hijacking is a technique used by criminals to make WhatsApp fraud easier. In essence, all they do is take over your WhatsApp account by intercepting a verification code that has been sent to your phone number.

If you want to know how they achieve this and what you can do to prevent it, read this article.

There are several steps you can take to make WhatsApp fraud a lot harder for cybercriminals. Here are three important ones:

  • Set up “2-Factor Authentication” on WhatsApp
  • Secure your voicemail box with an unpredictable secure code that only you know
  • Try to call the WhatsApp fraudster

There are many more tips that can help you prevent WhatsApp fraud.

You can report a scam to WhatsApp from within the app.

  • On an Android phone got to WhatsApp and tap the more options button (i.e. the button has three dots on top of each other like this). Then select Settings > Help > Contact Us
  • On an iPhone go to WhatsApp and tap the settings button. Then select Help > Contact Us

WhatsApp suggest that you provide as much information as possible.

If you receive a message from a suspicious unknown number, or a suspicious contact or group, you can report these to WhatsApp from within the chat. To do this complete the following steps:

  1. Open the chat
  2. Tap on the number, contact or group name to open their profile information
  3. Scroll to the bottom and tap on the Report Contact or Report Group link

WhatsApp then receives the most recent messages sent to you from the reported number or the reported contact or group. WhatsApp would also receive information on your recent interaction with the reported number, contact or group.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For VPNoverview.com she follows relevant cybercrime and online privacy developments. She rigorously tests the quality of VPN services using VPNOverview.com's dedicated VPN testing protocol that has been finetuned and optimized over the years.
Leave a comment
  1. Someone requested my WhatsApp number, I gave it . Then after sometime my WhatsApp account stopped working. A month later I received a call from someone that he was defrauded using my number and that my number was been used to defraud people. Please what do I do? Thanks

    • Getting your access to WhatsApp back will also kick the defrauder out of your account. To get this done, log into WhatsApp again and verify your phone number by entering the code sent to your device by SMS. Do NOT share this code with anyone else! Once you’ve done this, you’ll have access back. To make sure no one alse is using your WhatsApp account on desktop, make sure to log out of all computers using your phone. You can do this by tapping the three dots in the top-right corner, then going to “Linked devices” and tapping each of the devices listed to log them out.

      Aside from this, it’s important to let all your friends and family on WhatsApp know that they shouldn’t click on any links in messages from “your” WhatsApp account sent since you lost access. Make them aware of the scam so they don’t fall for it! We hope this helps.

  2. I don’t know anything about WhatsApp but a friend sent a conversation supposedly between myself and someone else in Ecuador. I live in the states.
    My friend knows it’s a scam but how can I prevent my name, photo, etc from being used?

    • Unfortunately, it’s very easy for someone to copy your name and photo from WhatsApp and use it themselves. It’s also a piece of cake to create fake WhatsApp conversations and present them as fact. Luckily, there usually is little reason for people to do this. The best you can do, is make sure your own WhatsApp account is protected (with two-factor authentication, by making sure you aren’t logged in to WhatsApp Web on any unknown devices, etc.) and stay informed. As long as the people you know, know your real WhatsApp account (which is tied to your phone number) you should be okay.

  3. I had a WhatsApp scammer yesterday,
    I took pics of the conversation, shame I can’t send them.

    • You can actually report scammers on WhatsApp by clicking “Report Contact” on the scammer’s Whatsapp profile! Your screenshots might actually come in handy there or later, as they can help WhatsApp combat this kind of cybercrime.

  4. Is it possible that someone is a scammer if he asks me to send him money
    After sending he will send me again
    He does it but it’s still pending
    I sent again still pending
    Sent again still pending
    Now it’s now 95% pending

    • This definitely sounds problematic. We’d advise you to NOT send money again. Take a good, critical look at who you’re sending the money to – are they a known friend? A seller online? Someone you know personally? Did they send you a link to click on so you could pay? The best course of action is always to maintain full control of your actions: if you want to pay someone online, first find out if they can be trusted. Then go to your own online banking environment (directly, without using a link someone sent you) and pay the amount through there. If it doesn’t work after one time, make sure to contact your bank or figure out in some other way what went wrong before you try the same method again. This sounds like a scammer is possibly telling you they didn’t receive the money, so you’ll send them more.

  5. Hi, a newly friend of mine asking me for my Complete name, address, email address, contact number and Near airport. I haven’t reply, is this a scammer?

    • It’s hard to know for sure whether this is a scammer or not. However, it sounds really strange that this person would need all of this personal information about you, especially if you haven’t known them for very long. We’d suggest you don’t provide this information and, if they keep pushing or ask for any other kind of personal information, that you cut contact. Scammer or not, they don’t need to know where you live.

  6. How can you check if you are talking to the real actress

    • Generally, if someone contacted you out of the blue on WhatsApp and they claim to be someone famous, you can be sure they’re a fake. Especially when they ask you to transfer money or to click on a certain link, we urge you NOT to do so, as that is very likely to be a WhatsApp scam.

  7. Can a fraudster, act as my friend and actually replace them in what’s app, without me knowing? And remove my family one by one with fraudster members.

    • To answer the first part of your question: yes. Usually, what scammers will do, is pretend they’re your friend messaging you with a new phone number and get you to replace that WhatsApp contact yourself. Once they’ve won your trust, they’ll try to get you to send them money. The chances of that happening to your entire family one by one, however, are very slim. If you’re worried a scammer is impersonating your friends or family members on WhatsApp, we recommend getting in touch with those people in some other way, for example by calling or visiting your family and asking if they’ve sent you the recent WhatsApp messages you’re wary of.

  8. How can I report a suspected WhatsApp number?

    • Hi Claire! Thanks for the question. It’s an easy process. Simply follow the steps below.
      1. From the app, open the chat with the number you want to report.
      2. Next click on the user’s name at the top of the screen.
      3. Scroll to the bottom and click report contact.

  9. I am a victim, luckily I stopped quickly. NEVER trust strangers words. They might sound caring, compassionate, thoughtful but before you really know the person, meaning seeing people (friends, family, coworkers) in their life. NEVER truly believe everything they say. You deserves the best!! Don’t let loneliness or self confidence interfere with any relationship. If the person is real and interested in you, they will not leave just because you don’t invest in money or you have no money.

  10. My WhatsApp account has been hacked someone else is using my account I am unable to use my whatsapp on my mobile

    • Get in touch with WhatsApp, they’ll know what to do when this happens. Also, make sure that your contacts know you’ve been hacked so they shouldn’t fall for any scams the hacker might run using your account.

      • I am currently experiencing the same challenge, my WhatsApp number is definitely hacked as I am receiving numerous WhatsApp responses from contacts I don’t know with irrelevant network wealth sign up queries that I know nothing about. I’m receiving more than 20 WhatsApp responses in few hours then obviously some of this people report my cellphone number to WhatsApp support, then be banned many times in a day by support and unban my number when I email them which is not solving my challenge.

        WhatsApp Support is not willing to assist nor offer me any resolution to my challenge. I have been sending / reporting that my account is being hacked obviously but their automated reply is always that “WhatsApp account is tied to one cellphone number” not bothering to read nor acknowledge nor read my email.

        This is so frustrating that I have no solution and I’m banned from WhatsApp numerous times a day and have to keep loosing my important chats and messages from my contacts nor be able to use WhatsApp myself as numerous WhatsApp messages from unknown people keep overcrowding my WhatsApp chat in every second.

        I really need help as I cannot change my cellphone number but needs WHATSAPP SUPPORT to read my emails with proof screenshot of unknown people sending me irrelevant WhatsApp messages.

        please help

        • If you’re receiving messages from unknown numbers, it could be that your phone number was leaked somewhere and you’re receiving a lot of spam. Unfortunately, WhatsApp doesn’t seem to have an automatic block function, so you’de have to block incoming spammers manually. If it’s true that other people are receiving messages from you as a contact, you’ve probably been hacked. There are a couple steps you can take to deal with this. First off is reporting it to WhatsApp (like you already did). Second, you can get a duplicate SIM and rectivate the WhatsApp account on another smartphone. This reactivation process will make WhatsApp send you a 6 digit code, once you fill that in, the hacker will be logged out and you can set up WhatsApp to be more secure (such as using 2-factor authentication). Another thing you can do is delete your WhatsApp account altogether. This is not the same as deleting the app from your phone. To do this, you actually have to go to WhatsApp’s web support in order to actually delete your WA account. Doing this will remove you from all chats you’re a part of, as well as delete your chat history. After the account is deleted, you can go to WhatsApp and ask them to recover it, this will take a couple of days, but if all is well, you should be able to access your recovered account (although you’d still miss your old chats and groups).

  11. What if someone asks for your phone server, and if I had a credit card. At that point, I knew it was a red flag and they also were impersonating a celebrity.

    • These are indeed some red flags and it’s probably a scam. It’s best not to reply at all and block the number.

  12. I’ve been a victim of this, and yet to recover my account. They’ve reached most of my contacts asking for money. I thought I had recuperated my account and nope they did it again. Not sure how they hack into it but this is so awful, it was the only way to easily communicate with my family back home and they took that away from me.

  13. Cryptocurrency scam, they use Whatsapp accn to call people. Have in my phone their Whatsapp number, is there any way to track down their call destination?

    • The best course of action, in this case, would probably be to report the WhatsApp number and block it altogether. We wouldn’t advise tracking someone down yourself.

  14. I still hold fakebook responsible they created a mess they should always have a way to check it and protect their members

Leave a comment