Nowadays, online safety is all but a given. Even a hugely popular online communication platform like WhatsApp, which is owned by Facebook, has become a favorite tramping ground for fraudsters. This is not surprising, considering the enormous number of WhatsApp users, which as of February 2020 stood at over 2 billion users worldwide, and counting. If you add to this the fact that, for various reasons, the majority of WhatsApp users are vulnerable when online, WhatsApp has become an irresistible platform for fraudsters. Furthermore, users have become more vulnerable over time, since the tactics used by scammers are becoming more and more ingenious and more effective.
As a result, WhatsApp fraud is on the rise, causing each victim, on average, thousands of dollars in losses. In the first half of 2020 the total number of fraud reports increased sharply, with only a very small number of fraud offences resulting in prosecution. Needless to say, it is therefore important to know what WhatsApp fraud is, how to recognize Whatsapp scams and how to prevent them. This is exactly what this article is all about.
What is WhatsApp fraud (friend or family emergency scam)?
WhatsApp fraud is a form of fraud in which cybercriminals pretend to be a victim’s acquaintance and then ask them for money. Currently, most of those criminals pose as a friend or family member and ask for financial help because “they urgently have to pay a (high) bill” or “they have an emergency and urgently need some money”.
Usually, the perpetrators pretend to be in a hurry, most likely to entice their victims to take immediate action. That is why this type of fraud is also referred to as a friend or family emergency scam. Sadly, on average victims loose thousands of dollars to WhatsApp scams. Age also seems to be a factor, with most of the victims being over 50 years old.
In most cases the phone number used by the criminal to commit WhatsApp fraud is unknown to the victim, yet the attached profile picture is familiar. Consequently, the victim thinks that he or she is indeed communicating with a friend or family member. However, criminals can easily copy a photo from other social media platforms, such as Facebook or Instagram. The same applies to other information that can be used to mislead the victim. Like the vocabulary an individual may use, or certain events the individual may have posted about online (“Should’ve asked you for help when we were in that bar yesterday…”).
Today an even more misleading form of WhatsApp fraud is emerging, known as WhatsApp hijacking. With this type of fraud, actual WhatsApp accounts are being taken over by fraudsters.
Advanced WhatsApp scam: WhatsApp hijacking
WhatsApp hijacking occurs when a cybercriminal breaks into a victim’s WhatsApp account to commit fraud. Because the fraudster is using a friend’s actual account, their demand for quick cash is more credible to the victim.
For an experienced, or even an inexperienced, cybercriminal, breaking into someone’s WhatsApp account is easier than it sounds. The following scenario may sound unlikely or overly complicated to some, but it happens more often than you think. This is how it is done:
- The fraudster obtains the telephone number of his first victim.
- The cybercriminal (re)installs WhatsApp on his phone or another device.
- The criminal contacts the victim, impersonating an acquaintance of the victim.
- The WhatsApp fraudster lies to the victim, saying that they have accidentally sent their verification code to the victim.
- The cybercriminal tricks the victim into giving them the verification code, which they then type it into their own phone thus gaining access to the victim’s WhatsApp account and all the victim’s contacts.
WhatsApp fraud and voicemail box hijacking
Another common trick to gain access to a victim’s WhatsApp account involves breaking into a victim’s voicemail box to steal the WhatsApp verification code. When WhatsApp is (re)installed, the app sends a text message to the specified phone number with the verification code. However, the cybercriminal can indicate that he/she has not received the code and ask to receive a call instead, knowing that WhatsApp will call the victim within minutes. The fraudster will then call the victim’s phone number at exactly the same time. Since the victim is on the phone, the verification code is sent to the victim’s voicemail box instead.
The problem in this scenario is that many people fail to properly secure their voicemail box. They often leave the default password unchanged, which is usually set to either “1111” or “0000”. Or they change the password to a predictable number combination, such as “1234”. With such simple security codes, it is extremely easy for cybercriminals to break into a victim’s voicemail and retrieve the WhatsApp verification code.
Once the fraudster has gained control over the first victim’s account, defrauding the victim’s contacts and even taking over their accounts is often a breeze. This is because the fraudster is then able to approach their next victim with the name, profile picture and even the phone number of someone the victim knows and trusts. This makes this form of fraud very credible and often difficult to spot.
This type of fraud starts with only one account being taken over and defrauding a few contacts of the victim but can have a rapidly escalating snowball effect. This is because the fraud network expands exponentially with every step, as every account takeover unveils many new contacts to trick into handing over valuable account details or money.
How do you recognize WhatsApp fraud?
WhatsApp fraud can be very difficult to spot, especially when the fraudster has taken over the WhatsApp account of a person that is known to the victim. Nevertheless, there are often signs that should cause alarm bells to go off and indicate that you could be dealing with a criminal. Admittedly, these signs can be subtle.
In a rush
A reoccurring sign is a sense of haste. Fraudsters pretend to be in a rush and are very good at getting their victims flustered, putting pressure on them to act quickly and pay as soon as possible. A real‑life example of such fraud being perpetrated is a conversation held in the past between a father and his supposed son. In this instance, the fraudster pretended to be the victim’s son and told the victim that he had two bills that were overdue, and asked his “dad” to advance him some money.
Another possible scenario could go as follows. You unexpectedly hear from a supposed friend or acquaintance. They tell you that they have a new number. In the same message, or in a message sent shortly after, they ask you for some money. Of course, the account number to which you are to send the money is unknown to you, as most people don’t know their contact’s account details anyway. Furthermore, most people don’t have the time to go through the hassle of verifying account numbers.
So remember, if someone tells you he or she has a new number and the receipt of this information coincides with a request for money, this is most likely a scam. This is especially so if the person is not well known to you. Or, exactly the opposite, you know the person very well and the demand is completely out of character.
The WhatsApp scammer never wants to have a phone call
Of course, the previous red flags may be less obvious when the WhatsApp account of a person known to you has been hijacked. Another tell-tale sign is when the scammer does not want you to call them, even when you ask or tell them that you would prefer to discuss this first over the phone. The fraudster will often have a whole series of very convincing excuses as to why calling is not possible. Of course, this is because if you would call the scammer, and hear their voice, they risk being exposed.
Another give-away is poor English. Watch out for messages that include strange misspellings or grammatical mistakes. Some (WhatsApp) fraudsters live abroad, often in less prosperous countries, and/or are not well educated. Such criminals often rely on translation apps or tools, such as Google Translate. If this is the case, you will usually notice that the language used is “a bit off”. Again, alarm bells should start ringing.
Payment requests to unknown/unlisted accounts
Usually, cybercriminals will ask you to make a direct transfer to an unknown account, often a conduit account used by criminals to quickly move money to a string of other accounts. Or they may ask you to transfer money via PayPal, Facebook Messenger Payments, Google Pay, Apple Pay Cash or apps such as Cash App or Venmo (PayPal’s Mobile payment service). Alarm bells should go off in this instance as well, especially if the payment method requested is not familiar to you.
In any case, it is wise to double check and be suspicious when responding to these types of payment requests. In many cases, you cannot see or verify the account number. And although the above payment systems have security measures in place, it is still possible to create fake accounts that work as conduit bank accounts. Some apps also support Bitcoin payments. Unfortunately, there is no way of verifying whether the person you are transferring money to is indeed someone you know.
Even worse, if a scammer has somehow gotten hold of a friend’s or acquaintance’s personal details, like a utility bill or some other form of identity confirmation (these can even be counterfeited), and that person does not already have, let’s say, a PayPal account, the fraudster can open a fake or stealth PayPal account in their name.
PayPal stealth accounts can be created under any name. Stealth accounts can be accessed via a specific country’s or location’s IP address, by using a dedicated IP VPN, for example, which can be verified by a virtual bank account or virtual visa card. All of which can easily be set-up by cybercriminals.
If you can see the account number, it is wise to ensure that the account number matches the number that you have for that person. Maybe you have made a transfer to your friend, family member or acquaintance before? If that is the case, you can look up the account number that you used for a previous payment using your online banking app.
What also happens sometimes, is that the scammer gives you the account number of the person they allegedly owe the money to. They will then ask you to transfer the money directly to this account. To give their demand some credibility, they may, for example, tell you they have difficulties transferring the money themselves, citing some sort of error message and asking you to try “because it’s urgent and important that the money is paid on time”. In most cases, the cited accounts are fraudulent conduit accounts and the final destination is difficult to trace.
Summary of tell-tale signs of WhatsApp scams
Above we have described the tell-tale signs that indicate that you are potentially dealing with a WhatsApp fraudster. We recommend that you read this information carefully to familiarize yourself with the way these cybercriminals work, so that hopefully you do not fall into their traps. Below is a brief summary of the mentioned signs:
- The scammer conveys a sense of urgency and tries to convince you or pressures you to pay quickly (this is almost always the case)
- The cybercriminal sends you a WhatsApp message from an unknown phone number (only occurs if the criminal has not hijacked someone’s WhatsApp account)
- The scammer informs you that their number has changed and, almost immediately, starts talking about money (once again, this only occurs if the criminal has not hijacked someone’s WhatsApp account)
- The fraudster’s messages are written in poor English, as often the fraudster’s mother tongue is not English or they are not well educated
- The criminal does not want to be called
- The fraudster asks you to transfer money to an unknown account or uses an app that does not show account numbers at all (such as PayPal or Venmo)
How do you prevent WhatsApp fraud and/or hijacking?
Although it is important to understand what WhatsApp fraud is and what the tell-tale signs of WhatsApp fraud are, you also need to know how to prevent this type of fraud. To protect yourself and your contacts from WhatsApp fraud, we recommend you follow the guidelines below.
Tips to prevent WhatsApp fraud
- If you receive a message from someone who is asking for money, first check whether the number is correct. If one of your friends or acquaintances suddenly has a new number and asks you for money, you should find this, at the very least, suspicious
- Pause for a moment and check the language and communication style of the message. Is it different/worse than usual? If so, there is a fair chance you are dealing with a WhatsApp scam
- Try to call the number of the person asking for money. If it is a scammer, they will probably be quickly exposed!
- If the fraudster does not pick up, try to call the “old” number you have for your friend or acquaintance, or contact them in a different way (e.g. e-mail, SMS, etc) to verify the story
- Don’t let the fraudster pressure you. Think logically and keep calm. If someone asks you for money to cover an urgent debt with, for instance, an energy supplier or government agency, ask yourself how likely is that a few hours delay would matter.
- If you are suspicious, ask the scammer a question only your friend or acquaintance would know the answer to.
- Secure your voicemail with an unpredictable secure, personal code that only you would know. This makes it more difficult for WhatsApp fraudsters to access your voicemail box to retrieve a WhatsApp verification code.
- If someone asks you to send a verification code, never send it without question. Always seek contact with the person you think you are talking to in a different way. The above is important if the person requesting the verification code is unknown to you. Keep in mind that if a person needs a verification code, they could simply request it again from WhatsApp instead of contacting you.
- Set up “2-Factor Authentication” on WhatsApp. Once this is setup, if installing WhatsApp on a new device, WhatsApp will request the 6-digit code you have set as well as the verification they send you. This will make account hijacking much more difficult to achieve.
Smart WhatsApp usage protects you and your contacts
Remember that the tips provided above are not only important to protect yourself. If criminals manage to hijack your WhatsApp account, they can easily scam your contacts and possibly take over the accounts of your friends and family as well. If you have been less diligent in securing your account and your friends lose thousands of dollars in the process, they might not be talking to you for a while… By following the tips above you protect yourself and your contacts!
I’ve been a Victim of WhatsApp fraud, what can I do?
Being a victim of WhatsApp fraud is unsettling, to say the least. However, try to remain calm. If you realize that you have become the victim of a scam shortly after you have transferred money, you may be able to reverse the payment. In some countries and with certain banks, depending at what stage your transfer is at, you may be able to stop a transfer that has just been made or reverse the payment. However, depending on the circumstances, you might need to act quickly to get your money back.
Wire transfers are usually harder to recover, as they leave your account immediately and are also available for withdrawal immediately. Conduit accounts, for example, are usually emptied out straight away. Furthermore, things can get extra tricky if you have used an online payment service or payment app.
Whatever the scenario or the payment service used, always inform your bank. In the father and son example provided above, the father called his bank and eventually got his money back. Because he contacted his bank quickly, the bank was able to reverse the transfer.
If you have been the victim of fraud and reported it, there is a chance you will get your money back. Again, this may depend on your bank, country of residence, as well as local codes of practice or regulations. In the US, for example, most major banks signed a voluntary code of practice to reimburse victims unless “they ignored their bank’s warnings” or were “grossly negligent”. However, this does not mean they are obliged to issue a refund if you have been tricked into making a payment.
Even when the bank cannot reverse the transfer or does not issue a refund, they would still investigate the fraud claim. This is done to verify the claim and to determine what happened and how it happened. The bank may then in turn warn other customers and protect you and them from future fraud.
It is of utmost importance that you report WhatsApp fraud or WhatsApp hijacking to the police and/or the relevant agency in your country of residence. For example, if you live in the US, contact the FBI’s Internet Crime Complaint Center (IC3), and Action Fraud, if you live in the UK.
You should also report any scam or the receipt of a message from an unknown number to WhatsApp, so that they can warn other WhatsApp users. This can be done very simply from within the app itself. Please refer to our FAQ section below for further information on how to do this.
Finally, we suggest you report the scam to AnyScam, the free scammer reporting service from SCARS Global Fraud Clearinghouse, a worldwide non-profit organization that provides online support and assistance to victims of crime. Some countries also have national help groups for victims of fraud or fraud helpdesks. They can help you deal with the process you go through when you become a victim of fraud and can help prevent future fraud.
Do you have a question about WhatsApp fraud? Read our FAQs below.
WhatsApp fraud is a WhatsApp scam, in which a cybercriminal pretends to be someone you know and asks you for money. Usually the scammer claims he or she needs the money urgently to pay an overdue bill. That is why this is often referred to as a friend or family emergence scam. Do you want to know more? Read this in-depth article about WhatsApp fraud.
It is not always easy to spot WhatsApp fraud and especially WhatsApp hijacking, as the tell-tale signs vary widely. However, the following are definite red flags:
- you have a feeling of being rushed
- the scammer does not want you to call them
- the fraudster asks you to transfer money via a payment service or payment app you may not be familiar with or asks you to transfer money to an unknown account
WhatsApp hijacking is a technique used by criminals to make WhatsApp fraud easier. In essence, all they do is take over your WhatsApp account by intercepting a verification code that has been sent to your phone number.
If you want to know how they achieve this and what you can do to prevent it, read this article.
There are several steps you can take to make WhatsApp fraud a lot harder for cybercriminals. Here are three important ones:
- Set up “2-Factor Authentication” on WhatsApp
- Secure your voicemail box with an unpredictable secure code that only you know
- Try to call the WhatsApp fraudster
There are many more tips that can help you prevent WhatsApp fraud.
You can report a scam to WhatsApp from within the app.
- On an Android phone got to WhatsApp and tap the more options button (i.e. the button has three dots on top of each other like this). Then select Settings > Help > Contact Us
- On an iPhone go to WhatsApp and tap the settings button. Then select Help > Contact Us
WhatsApp suggest that you provide as much information as possible.
If you receive a message from a suspicious unknown number, or a suspicious contact or group, you can report these to WhatsApp from within the chat. To do this complete the following steps:
- Open the chat
- Tap on the number, contact or group name to open their profile information
- Scroll to the bottom and tap on the Report Contact or Report Group link
WhatsApp then receives the most recent messages sent to you from the reported number or the reported contact or group. WhatsApp would also receive information on your recent interaction with the reported number, contact or group.