With over two million users of all ages and backgrounds, WhatsApp is an outlet that has the potential to make us extremely vulnerable to potential cyber crimes.
In December 2022, it was revealed that a database of over 500 million WhatsApp accounts was being sold on the dark web for a few thousand dollars, meaning cybercriminals who made this purchase could gain access to an inexhaustible amount of information on active users.
Pretty much every WhatsApp user may experience attempted fraud. In fact, we may encounter such attempts regularly without even noticing. In most cases, cybercriminals try their infiltration strategies on a pool of potential victims, in hopes that at least some of them will fall for the trap. It's oftentimes enough for one in a thousand subjects to fall for it, and the crime pays itself off. Therefore, if fraudulent messages are sent by the thousands or even millions, only 10 or 20 successful targets will be enough for the hackers to hit the jackpot.
To help you make sure you don't become easy prey, we got together with software company ESET, and made a list of the biggest red flags you should look out for while using the application.
Smishing (short for “SMS phishing”) and verification codes
Smishing, also known as SMS phishing, is a phishing cybersecurity attack carried out over mobile text messaging.
A classic case of smishing would be a message with a verification code that you did not request from any carrier, such as Microsoft, Google, or even WhatsApp. Usually, you will ignore this message. However, once you receive a message shortly after from one of your contacts, in which he/she is asking you for the verification code, claiming that it is an emergency, you are likely to send it over to him/her.
This will grant the cyber predator access, disguised as your contact, to your online account which requires authentication using a code sent to you via message. With this code, the hacker will be able to steal information, or even impersonate you.
Surveys, deals, and raffles - all one big lie
Any message, via WhatsApp or SMS, promising a prize should immediately raise suspicion. If you receive an offer to win a prize, through participating in a survey for example, from any number, even if it's someone in your contacts - chances are it's a fake message.
Given there are legitimate mobile services that offer customer support on WhatsApp, hackers hope that you won't suspect similar messages from your bank that are actually cybercrimes in disguise. Often times these come in the form of warnings of "fraud that may target customers" and requests for immediate action to fill out a form to verify your personal profile details. In some cases, you will be requested to transfer information that could grant the hackers access to your bank account.
Shipping confirmation messages - "Your package is on its way"
Another easy way to grab your attention is by sending a fake message from a shipping company, where you are asked to fill out a form to verify your shipping details and possibly pay a commission it claims you may have missed. People tend to fill out such forms even if they haven't ordered anything recently, on the belief that someone may have decided to surprise them with a package.
Users are especially vulnerable to such messages during periods of sales - Black Friday, holidays, or during the end of the season.
Charity Hoaxes – "Every Penny Counts"
Giving money to charity for a rightful cause is a great way for hackers to take advantage of good-hearted people. These types of scams typically use fake websites which may gain momentum if they manage to get traction.
Donations should be given carefully, following validation that the sums of money are indeed getting to legitimate funds. Usually, the best way to ensure this is to contact the association directly.
Romance Scams
After browsing some dating apps, you finally find a hopeful match, and after a short correspondence, you exchange phone numbers and start texting on Whatsapp. A few days later, you start to understand that you and your crush may not get together any time soon - maybe he lives far away, or maybe he's serving in the military. Nevertheless, the chemistry and intimate conversations blind you from the fact that you may have to wait quite a while for the first date.
The scenario described above is a classic scam technique used by cybercriminals who know how to manipulate users and give false hope that will make asking for help seem legitimate. After creating intimacy, the hackers know that the user on the other side of the screen will give into their sob story as to why they are in dire need of money.
Given the emotional manipulation involved, romance scams are known to be the most harmful.
What's the best way to stay out of trouble?
The golden rule is - always remember that there may be a chance that whoever is talking to you on WhatsApp may be a cybercriminal. With this in the back of your head, you'll be much more conscious of suspicious behaviors. Furthermore, aside from being extremely careful when texting strangers, you can follow these rules of thumb, recommended by ESET:
- Do not transfer money before making sure the request is legitimate. In other words, contact the agent to whom you wish to transfer money directly. Also, remember that legitimate businesses do not use WhatsApp to communicate with customers except through official channels, which can be identified through the name and icon on the WhatsApp account.
- Never share a confirmation code with anyone. If someone sent you their confirmation code by accident, he/she can request a new code. There is no reason for someone to send over a confirmation code to a device that is not theirs, and this is usually not possible given most applications encoded their customers' phone numbers.
- Do not click on random links. If a friend sent you something, ask him what is before entering the link. If you can't stand the curiosity, and you do enter, be aware of grammatical or spelling errors, or suspicious links (unrelated to the original site). Also, keep in mind that most communication with courier companies is usually done via SMS, so receiving such messages on WhatsApp is suspicious as is.
- The same goes for banks - they will never contact you via WhatsApp just to ask you questions. However, if you believe that they may do so, tell them that you are not willing to give over any information through WhatsApp, rather only through their official website.
- The most important piece of advice is to always use the app you downloaded from an official app store, such as Google Play Store or Apple App Store, to update WhatsApp and any other application you use. While there are other trustworthy app stores, such as Xiaomi, Amazon, or Samsung, they are more likely to provide you with older versions of the applications that don't include the latest security features. Therefore, try to always use the most updated version of an application.