Want To Stay Safe From WhatsApp Scams? All Details You Must Know

A new scam has started popping up on the most used instant messaging app in the world, leaving many people either confused, curious or conned. Users of WhatsApp, the world’s most popular messaging app, have recently experienced a massive surge in incoming calls and messages from unknown international numbers with lucrative job offers. these offers say that one only requires a few simple steps and a couple of minutes of one’s time—like a couple of YouTube videos, share screenshots and instantly have Rs 500 or more credited to your bank account—it really does sound too good to be true. 

But that’s where the problem lies, because as the saying goes, “if it’s too good to be true, it probably is.” 

These scams have been going around for a few days now at the time of writing. According to a few individuals who followed through with the process just to see the end result, it came to light that after a while, the scammer begins to ask people to send them money with the promise that they will receive the amount along with interest; however, once the money has been sent, the scammers either stop replying completely or claim that they can’t send the money back due to issues with the payment processor.   

According to one such individual who posted about their findings, they were added to a group chat with other such “employees,” and out of the total 5400 participants in the group chat, almost half seemed to be people from within the scam operation or bots, while the other half were unsuspecting individuals who genuinely thought they would be making money. 

But let’s take a step back and understand a little about the tactics that scammers use to pull off these cons and more importantly, how to stay safe from them. 

In order to get a better understanding of the various aspects of these scams, BW Businessworld spoke to Huzefa Motiwala, Director of System Engineering at Palo Alto Networks and Bart Willemsen, VP Analyst at Gartner.   

As per Motiwala, reports of a new WhatsApp missed call scam had begun circulating in early May, preying on users who are “curious and cannot resist returning calls from missed international numbers.” He notes, however, that with Voice-over-Internet-Protocol (VoIP) calls, the displayed number with an international ISD code could originate from the same country as the user.  

He goes on to explain that “One tactic employed by malicious actors is to identify countries with lenient regulations and continuously acquire new numbers in small enough batches to avoid flagging WhatsApp’s spam detection systems all at once. Another is that malicious actors are burning through a larger cache of phone numbers they gained access to, thereby getting banned quicker but reaching a wide set of potential victims swiftly in the process. 

Scammers are using AI to add a degree of automation and obfuscation here, with the latter being achieved through international calling codes of countries such as Ethiopia, Malaysia, Indonesia, Kenya, and Vietnam.”  

How does a scammer get access to international numbers?   

According to Willemsen, “In basis, the misrepresentation of calling from (international) numbers (called caller ID spoofing or phone number spoofing) can be obtained as a service offered by spoofing services. There are several tools available to criminals for example used on Voice-over-IP (VoIP), which doesn’t operate over conventional phone lines but over the internet, where it is possible to misrepresent not only a number but also add a name and not only in instant messaging apps but also in text messages (SMS).”  

How and why are they that different from the other scams?   

Willemsen comments on this, saying, “I don’t think they’re that different. Malicious actors will try anything that works easily and at scale to reach people and lure them into a scam. This can vary from offering a remote job, asking for help in transferring money regardless of what scenario, or misrepresent someone potentially known to the target to extort them into sending money.”  

 What is the ultimate goal of the scammer?   

 According to Willemsen, “This may vary. Tell-tale signs always include an unknown origin (number spoofed, or simply an unknown sender/incoming caller ID), what may seem to be a pre-recorded message or not specific enough to you as an individual, a demand or request for any personal information, or for payment of any kind, often flanked with a great sense of urgency, causing targets to panic, not verify, and engage or react quickly.”  

Motiwala includes some of the motives behind these scams, stating, “The goal of the scammer is usually to gain access to personal or financial information for illicit purposes or use the victim's account as a platform for fraudulent activities.” According to him, some of the possible outcomes are financial loss, identity theft and malware installation.  

What are some precautionary measures?  

Willemsen provides some good general rules to follow to stay safe from scam calls, including not interacting with any incoming communications, regardless of platform. One should only engage after verifying whether the source is safe and reliable. He also notes that spam blockers should be used and that both Apple and Android systems already have them built-in. It’s also a good idea to block and report suspicious callers. One important point he notes is to stay silent when on phone calls, as he says, “It may take only 3 seconds of your voice recording to use it for further misrepresentation, for example using generative AI platforms like Vall-E.” 

Motiwala also includes a few additional points that should be worth noting. Enabling two-factor authentication (2FA) is important as it adds an extra layer of security and privacy to account access. Software should be always kept up to date, as it “ensures that the device is protected and up-to-date against any potential security risks.” Regularly updating passwords is also a good practice in order to stay safe from potential hacks. He finally notes that maintaining vigilance is a good idea - to know what scams are going around and how to stay safe from them.