The Nefarious World of WhatsApp Scams

Communication has undergone huge changes since the inception of the internet. Instant messages are now a part of our daily routines, and depending on the country you are in, you’ll find yourself using different communication platforms. WhatsApp was created back in 2009, and it has become the preferred way to communicate with friends and family all over Latin America, in contrast to the preference for SMS in the United States (Lekab, 2024).

WhatsApp is one of the most popular ways to communicate via text or phone calls; by 2014, Meta, previously known as Facebook, acquired WhatsApp. Nowadays, you can easily find it in the App Store or Play Store, depending on your device’s operating system, and a desktop version for computers is also available.

However, our topic today is the often nefarious intentions behind innocent messages such as “Hey, look at this cute cat video” with a suspicious link. The potential trouble these scams can cause is huge, especially when the message appears to come from one of your trusted contacts.

Multiple ways of scamming.

It is no surprise that scammers and hackers are always trying to find vulnerabilities within the Meta servers, and WhatsApp has faced security breaches involving private data being compromised (Silva, 2023). Since WhatsApp’s rise in popularity, scammers have gotten more sophisticated. One can find pages and forums advertising different versions of WhatsApp, but in fact, none of these “different versions” are Meta-sanctioned or related in any way.

They often promise more add-ons and have names like WhatsApp Blue or WhatsApp Plus. What one will come to find out if they actually click on these links or download these apps is that their device is infected with viruses that give these hackers full use of their phone and destroy all privacy.

[related-article title="Latin America in the Age of AI: Embracing Innovation with Paolo Miscia" url="https://www.greenbook.org/insights/latam/latin-america-in-the-age-of-ai-embracing-innovation-with-paolo-miscia"]

The malware in these “different versions” of WhatsApp will get data such as one’s International Mobile Equipment Identity (IMEI), country code, and net code, which may include a list of contacts. Meta is aware of this scam, and they’ve banned accounts that are being used in modified versions of WhatsApp. They urge their users to get the app via the officially released pages.

However, what happens in the aftermath of falling for such a scam? The information gathered by the scammers is used in innocent-seeming messages sent from your account to all of your contacts. These messages have enticing titles, often relating to discounts or sales, to lure your contacts into opening suspicious links. Importantly, scams via text message aren’t the only form of attack.

There are multiple reports of WhatsApp accounts being hacked via voicemail. This exploit comes from a security failure in WhatsApp's voicemail system (Fernández, 2022). The user does not even need to click on anything nefarious; instead, the scammers are able to install an app remotely during the night while the victim's phone may be turned off or left unattended.

Another way this is achieved is by calling the victim during the day and keeping them on the line while another scammer calls and accesses their voicemail. To go into a bit more detail about this process, when installing WhatsApp, one is asked to choose a method by which to get a unique verification code - either a text message or a phone call. 

When one chooses a phone call, the platform will automatically call the victim and give a six-digit code. In this scam strategy, since the victim is actively on a phone call, sleeping, or has their phone turned off, the automatic message is saved as a voicemail. The majority of phone companies allow you to have remote access to your voicemail with the same phone number and 4-digit PIN.

To get access, the scammer just needs to call and type in the password; if the victim has never changed this, it should be as simple as 0000 or 1234. This allows them to get the verification code and, that way, steal the WhatsApp account. As of November 2023, this form of scamming is most common in Mexico, but there have been cases in Asia, Africa, England, and the United States, too (Silva, 2023).

Recommendations

As navigate an ever-changing digital world, we need to be committed to protecting our privacy and security. If you are an avid WhatsApp user and enjoy sending your animated stickers, emoticons, video links, or making video calls to your contacts, then checking your voicemail settings can help protect you from cyberattacks. Additionally, activating two-factor authentication in WhatsApp can add more security to your account.

Businesses using WhatsApp to conduct their transactions, marketing, or services should make sure to take privacy and security measures as well. Monitoring the database, partners, and vendors, you’re reaching out to; making sure any links sent include “HTTPS” (Hypertext Transfer Protocol), where the ”S” means “secure”; changing passwords from time to time; keeping your WhatsApp Business app updated to the latest version to ensure you have the latest security features and fixes; and enabling two-factor authentication all add extra security for both businesses and customers when conducting business in WhatsApp.

For the most up-to-date and detailed recommendations, check the official WhatsApp Business Help Center or related resources provided by WhatsApp itself. Cybersecurity websites and reputable tech blogs often publish articles on securing messaging apps, including WhatsApp. Always be cautious and verify information from official sources (WhatsApp, 2024).

When conducting business of any kind, including market research, it’s important that customers and participants have trust in the organizations they’re engaging with. Implementing robust and effective security measures is an important step in keeping the trust of the people with whom we engage.