Many of us know about them, not least because we’ve all heard time and again over the years about sneaky telephone scams. But scammers have long since gone digital — and, we’re sad to say, they’re extremely good at online scams too. Among them, WhatsApp scams are some of the most common. Read on to learn about the many and varied scams WhatsApp swindlers use and how to protect yourself from online scammers with suitable tools like Avira Free Security.
WhatsApp phishing attempts
Cybercriminals are always coming up with new phishing methods to harm as many smartphone, PC, Mac, and laptop users as possible by infecting the devices with malware or stealing personal data. And WhatsApp has now also become a very lucrative tool for their digital scams.
WhatsApp’s enormous audience alone makes it a very attractive tool for all kinds of phishing attack. Almost without exception, online scammers aim to obtain sensitive data to use not only to steal data but also cause financial harm — such as by gaining access to your online banking info. To illustrate this, here are two of the latest examples of WhatsApp phishing attempts from 2022.
WhatsApp Notifier
At the start of 2022, the spoofed name WhatsApp Notifier sent a phishing email to unsuspecting WhatsApp users that they’d received a voice message in WhatsApp which they could listen to straight away. To hear it, the play button was conveniently located directly in the message. If they clicked or tapped it, though, no message was played; rather, the recipients ended up on a website where they were first asked to confirm that they weren’t a robot. If they then clicked or tapped “Allow,” their browser got flooded with offensive ads and they also downloaded malware that made their personal data an open book for hackers.
According to Bleeping Computer around 27,000 users got sent the email.
Oktoberfest 2022
You probably know how chain letters work: You receive a message with a link, find the content funny or the offer tempting, so share it with multiple friends. In turn, the recipients do the same thing, and so on. This multiplies the number of phishing message recipients many times over — something the scammers are fully aware of.
The well-known beer brand Becks in Germany was supposedly running a prize draw: A chance to win one of “5,000 mini refrigerators”, with the raffle taking place in time for Oktoberfest 2022. Entrants were then directed to a bogus site and asked to provide personal information — a great source of income for hackers.
Given the attractiveness of the prize combined with a strong chance of winning (5,000 refrigerators after all!), many clicked or tapped the link in the WhatsApp message and shared it. The Westfälische Nachrichten, a German daily newspaper, explicitly warned against this WhatsApp phishing attempt in August 2022.
Check out the following link to learn more about how phishing attempts generally work.
Supermarket voucher scams
Shopping voucher scams may seem harmless, but they are no less sneaky. This form of scam has been doing the rounds on social media for years, and here too, the scammers almost exclusively aim to obtain personal data and then sell it on or use it for unwanted ads.
At the German supermarket chain Edeka, for example, a company anniversary was used as an opportunity to start a new wave of fraud with bogus vouchers. And as if a legitimate-looking bogus copy of the website wasn’t enough, a YouTube video of the company was also embedded to add to the fake authenticity. This made it virtually impossible to tell the bogus website from the original.
While an internet address like winbigtime.com ought to have set off alarm bells, many users didn’t pay attention and didn’t even raise an eyebrow when asked to forward the message to ten friends. And again, this WhatsApp scam used chain letters to spread itself — with the hackers wanting to collect as much user data as possible and sell it on.
As long as the scammers are “only” interested in getting your address details, this is at best annoying. However, shopping vouchers can also be used to encourage you to download an app. And this is where things take a turn for the worse, because much more dangerous malware can quickly end up on your smartphone.
Fake apps on WhatsApp
Fake apps that can be distributed via WhatsApp also pose an ever-greater security risk.
For example, since the beginning of 2022 a WhatsApp message has been doing the rounds asking users to download an app. This link was advertised with a fake competition with a smartphone as the main prize. To be in with a chance of winning it, all you had to do was download an app. The inserted link redirected the unsuspecting victims to a — surprise surprise — fake Google Play Store. If you downloaded the app from there, you’d end up with nothing else than having extremely sinister malware installed on your smartphone.
What’s dangerous in this case is that this malware spread itself through messages thanks to access to the victim’s WhatsApp notifications. This means they unknowingly sent an automatic reply to every incoming message, which contained the link to the fake Play Store, meaning the malware could spread almost unhindered.
In this example, the malware was used for subscription scams and adware, but hackers also have other aims. No matter what they are, they’re always about causing financial and/or personal damage.
Grandchild scam
Unfortunately, WhatsApp has taken over the mantle from the telephone, where the grandchild scam is, sadly, back on track to enjoy an inordinate amount of success. In Germany, for example, police authorities across the country are now regularly reporting new cases of the grandchild scam being carried out on WhatsApp.
In 2022, police officials reported financial damage to the tune of around 500,000 euros has been caused in the 1.9 million-strong metropolis of Hamburg alone — and that was just up to the end of August. By the end of the year, the damage will be significantly greater. “We assume that the number of unreported cases is high, as many attempts at fraud are probably not reported at all,” said a spokeswoman for Hamburg’s state criminal investigation department.
A WhatsApp message from a scammer sent to an unsuspecting older person might say something like: “Hi Grandpa, I just had an accident and need to give the other driver 500 euros. I can’t reach mom right now — can you help me? By the way, this is my new cell phone number.” Such a message is often ended with “Hugs” or emoji, but without a name.
Older people often fall for this malicious trick because they perhaps only have a few social contacts and are so happy about a message from a grandchild that they don’t pay a second thought that all might not be what it seems.
Getting an older person’s cell phone number over the internet isn’t even particularly difficult. And even if not all potential victims use WhatsApp, there’s a good chance that a scammer will use the grandchild scam to steal larger sums via WhatsApp.
“Hello mom”
The WhatsApp grandchild scam, which is sometimes difficult for the intended recipients to understand, is aimed not only at supposed grandparents but also at parents.
In this case, potential victims will also receive a message that could begin as follows: “Hey mom. My cell phone broke. This is my new number.”
The con works like the grandchild scam: An unknown number sends you a message pretending to be a son or daughter whose cell phone is broken. After the familiar-sounding greeting including emoji, the scammers quickly get to the point. With a supposed emergency they aim for nothing else than to rob their victims of money.
“I need to pay a bill today, but I can’t access my online banking details. Can you deal with it for me? You’ll get the money back tomorrow.” Honestly, though, who wouldn’t want to help their child out of trouble in such an unfortunate situation? Real-time transfers are quick and easy. However, the money then usually ends up in an account that the hackers have set up and empty immediately once the payment’s been received.
Of course, you won’t be able to call your child after receiving the messages via WhatsApp because “the new cell phone still needs to be set up” — and it would only take a phone call to ascertain that it’s not your son or daughter who’s in trouble and needs help.
How can I protect myself from WhatsApp scams?
WhatsApp scams are designed to trick you into giving up personal information that can then be easily resold. However, things get much more dangerous if you unknowingly download malware via WhatsApp — as mentioned.
But you can protect yourself and your loved ones from rip-offs and other scams via WhatsApp in a variety of ways.
Here’s how you can improve your protection against WhatsApp scams
First, you should of course keep in mind that, given the current increase in WhatsApp fraud cases, having a “healthy distrust” is definitely helpful to avoid potentially imminent personal and/or financial damage.
- Pay attention to the tone and spelling in the WhatsApp messages you receive. In particular, if the language chosen is a bit strange and links are included, this could be a sign of a WhatsApp scam.
- Be cautious about forwarded messages with links or file attachments, as they could be phishing chain letters.
- Code words that you agree on with those closest to you can improve your online security in the case of sensitive phone calls and chats — and protect you from the grandchild scam.
- If you’re unsure if you’ve actually been contacted by the person they say they are, ask specific questions that only the actual person can answer.
- Since perpetrators often access publicly available data to select their victims, it’s best not to publish your own number online.
- Protect your WhatsApp profile picture so only your contacts can see it.
- Always be extremely suspicious of requests for money transfers via WhatsApp (and other messaging services).
- If you feel you’re being lured into a scam or have even fallen victim to one: Never ever delete your chat history — the police need it for their investigations.
- If it turns out that you have been scammed, report it to the police.
Security and app updates can help protect you against WhatsApp scams
Every system update can plug newly discovered security holes, so you should install these updates as soon as possible. And you should always use the latest version of WhatsApp.
You should use a private Wi-Fi network for the updates, as the servers on public Wi-Fi hotspots could be configured less securely and pose a further security risk.
Antivirus software can help strengthen your protection against the fallout of WhatsApp scams
Although you can’t prevent yourself from receiving fraudulent messages via WhatsApp even with a tried-and-tested security solution like Avira Free Security, this this antivirus software can help you prevent your device potentially being infected with malware, which can also help you improve the protection of your WhatsApp account.
Avira Antivirus Security for Android is available for your Android smartphone and tablet. For your iPhone or iPad, use the comprehensive security solution Avira Mobile Security for iOS.
In the Google Play Store, Avira Antivirus Security is called “Avira Security Antivirus & VPN” — an immediate giveaway that this app does much more than provide antivirus protection.
