Cons and scams are far older than the internet. And while such schemes have increased in the digital age, most are simply variations of old tricks that criminals use to steal, damage, spy, or cause harm. As new generations shift their presence, preferring text messages over phone calls, WhatsApp scams are reaching new highs.
The scammer’s WhatsApp playbook is filled with sophisticated cons that cybercriminals use to either run massive campaigns or specifically target individuals. Let’s take a look at some of the most common scams on WhatsApp and how to defend yourself against them in this guide designed to help you stay safe and enjoy your WhatsApp experience — without complicating your life.
Why do scammers use WhatsApp?
WhatsApp, while home to many legitimate users, is also home to some scammers. Given that it’s a platform currently boasting approximately 2 billion users, it would probably be more of a surprise if there weren’t any WhatsApp scams to worry about.
None of this makes it any more pleasant if you’re a victim of a WhatsApp hack, though. And if you are, you might be wondering why the scammers chose this platform to stage their attack. Here are some of the most likely reasons.
- Popularity: It might go without saying, but WhatsApp is popular. And the more users, the more targets there are for potential hackers. Sometimes it’s as simple as that.
- Familiarity: Most people are very familiar with WhatsApp. Attackers know this, and rely on their targets being lulled into a false sense of security because of it. If their targets feel safe on a familiar app, they’re more vulnerable to social engineering attacks.
- Anonymity: While WhatsApp is owned by Meta, you don’t need a Meta account to use WhatsApp. In fact, all you need is a phone number, and attackers can create fake phone numbers pretty easily using certain apps and services. This grants them a level of anonymity, making it difficult to trace them if they’re found out.
- Easy targets: Because your WhatsApp is linked to your phone number, an attacker might find it easier to find and contact you than on other platforms. They could, for instance, find your number by looking for any service you’ve entered it on that’s been breached or has leaked customer data.
Don’t let phishing lead to hacking
Can you get scammed on WhatsApp?
Unfortunately, you can get scammed on WhatsApp. A WhatsApp scam is, at its core, no different from any other kind of phishing or social engineering scam. The only difference is the medium through which the scam message is sent.
How do WhatsApp scams work?
WhatsApp scams begin like any other: An attacker finds one or more targets. This usually involves finding one or more phone numbers to scam on WhatsApp. The numbers might be picked at random, or they might be more targeted.
Once the WhatsApp scammer has their target(s), they send a phishing message to them. This message might pretend to be someone you’re likely to trust, such as a bank requesting verification, Amazon requesting delivery details, or someone pretending to be your son or daughter using a new phone.
The WhatsApp message will either try to get you to engage in conversation so the scammer can spend more time convincing you of their pretext, or it might try to get you to click a sketchy link or send money right away. In any case, the scammer will be looking to harvest your personal information, install malware on your device, or steal money from you.
The 15 most common WhatsApp scams to watch out for
This list will dive into the most recent scam trends and techniques and reveal how they work. The following scams can bypass WhatsApp security features, so it’s essential that you understand how they operate so you won’t fall for them.
1. The desperate son
This scam is simple but effective because it preys on basic human emotions and behavior. To pull off this trick, cybercriminals only need to search for victims who are parents. Once he has the mother’s or father’s phone number, they send them a text impersonating their son or daughter.
How it works:
- You receive a WhatsApp message from an unknown number claiming to be your son or daughter.
- The cybercriminal gives a convincing reason why your son is contacting you from an unknown phone number (lost phone or borrowing a friend’s phone).
- Immediately the scammer presents a desperate situation that requires urgent attention.
- The scammer asks for money to solve the “desperate situation” and provides a bank account or digital wallet for the transfer.
To avoid this scam: If you are a parent and your son or daughter contacts you with an urgent problem from an unknown phone via WhatsApp text asking for money, call your son or daughter immediately. Once you confirm that it is a scam, report, delete, and block the WhatsApp scammer’s contact info.
2. WhatsApp dating scams
WhatsApp dating scams are particularly nefarious because scammers will spend weeks or even months preying on people’s loneliness and desire for connection. And while such scams are as old as the internet itself, they have become far more dangerous, with scammers now employing AI to fake images, voice messages, and entire video chats.
People you meet on dating apps, job boards, or marketplaces often insist on moving the conversation to WhatsApp because it allows the scammer to communicate privately, avoid platform moderation, and build trust faster.
Love scams on WhatsApp can sometimes be the targeted extension of a phishing scheme, but more often than not, they use a scattergun approach. By sending countless messages to as many numbers as possible, the scammer hopes that a few will take the bait and reply.
Unlike more obvious scams, a romance scammer on WhatsApp will work hard to earn your trust, lulling you into a false sense of security and emotional connection. Eventually, they’ll start asking for money or expensive gifts. In some cases, they might claim to be in some debt or financial trouble and ask you to help them out.
But it’s not always money. Sometimes, the WhatsApp scammer might urge you to visit a sketchy website that will install malware on your device. Other scammers may lure victims into a “pig butchering” investment scam, where they build emotional trust over time and convince the victim to invest in a not-yet-public crypto scheme, promising high returns before gradually extracting money. This naturally leads to understanding the broader world of crypto scams.
3. WhatsApp crypto scams
Crypto scams on WhatsApp can come in all forms, but the goal is always the same: to steal your money with the promise of returns on your crypto investments.
WhatsApp scams with crypto incentives can be particularly pernicious because they prey on those less familiar with the security concerns surrounding the fledgling cryptocurrency industry.
How they work
A WhatsApp crypto scam will usually try to convince you to invest in a certain kind of cryptocurrency via a specific link or to use a specific crypto trading platform.
The WhatsApp scammer might be direct, pretending to be a crypto investment guru and offering you advice if you simply enter your information on their website. However, this information, if you enter it, will invariably be used for nefarious purposes such as account takeover, identity theft, or bank account theft.
The scammer might also be indirect, pretending to be someone who got the wrong number. They might hope you’ll continue the conversation with them if you’re lonely. After gaining your trust over weeks or even months, they might try to get you to join a crypto trading platform, which, when used, will send your money directly to them.
Can you be catfished on WhatsApp? Not only is this a possibility, but the Federal Trade Commission has revealed that over 46,000 people reported more than $1 billion in crypto scam losses in 2021. And approximately one in every three of those dollars were lost to crypto romance scams.
4. WhatsApp scam with an Asian lady
While similar to the fake romance scams, “Asian lady” WhatsApp scammers take a more targeted approach to their victims. Instead of casting their net far and wide, they prey on a specific demographic that prefers Asian women. This can also help the scammer disguise their English language skills, hiding behind the pretext of being a foreigner.
Sometimes, you may hear references to a “Chinese woman” or “Asian woman” on WhatsApp – this is basically the same type of scam.
After spending some time building trust with the victim, usually by employing some AI-generated assets to share, the scammer will start asking for expensive gifts or direct payments.
5. The Nigerian prince scam
At this point, the Nigerian Prince email scam is old enough that it has become a common joke online. From the early days of the internet, people received emails that claimed to be from a mysterious Nigerian prince willing to leave them millions in his will, if they’d only pay the processing or transfer fees. However, this scam has evolved, recently moving to WhatsApp and impersonating a wider, more believable variety of fictional characters.
Here’s how it works. You receive a WhatsApp message, typically with a country code +234, which is the code assigned to Nigerian phone numbers, from someone claiming to be a rich individual looking to give away their wealth. Although there are many variations to this con, there is one common theme: Before giving you this money, the individual needs a smaller payment from you, usually some form of taxes or attorney fees.
Naturally, the whole thing is a hoax. If you do end up sending the money, you’ll never hear from this person again. Not to mention, you’ll likely have no way of getting your money back, even if you contact your bank or the financial service you used.
Beware that not all Nigerian WhatsApp scams are this obvious. Generally, you should avoid talking to strangers over WhatsApp, especially if they ask you for money or sensitive information. Immediately block and report the contact, and delete the conversation.
6. WhatsApp job scams
Job scams aren’t always easy to identify, especially if you’ve recently been sharing your CV and phone number through job applications online. Some legit recruiters may contact you via WhatsApp, but these are far and few in between. Always double-check their identity over email.
As for scams, there are signs to look out for. For example, if the messages are unsolicited and don’t specify where they got their contact information, this is a red flag. Also, these job scammers might promise you an unusually large amount of money for doing simple tasks, emphasizing schedule flexibility and the ability to work from anywhere.
7. Fake blackmail
In this scam, cybercriminals pretend to have obtained sensitive information, videos, or photos from you. They will ask for money in exchange for not releasing the files to the public. The scam is similar to ransomware extortion, but the main difference is that the scammer never hacked you, nor does he have the files or information.
How it works:
- The attacker contacts you assuring that he has obtained sensitive files.
- He asks for funds in return for the files and promises not to leak the information or make it public. The scammer may even show you some photographs or information he obtained via a quick search of your social media to apply pressure.
- The scammer usually demands cryptocurrency payments and may continue blackmailing you, or they may simply disappear.
8. The verification code con
One of the most-used methods to hack a WhatsApp account is to trick users into giving away verification codes. Once a hacker has your verification code, he can change the number on your WhatsApp, along with all verification methods, and block you out of your own account. He might also use this access to breach your accounts on other sites or hack your friends, family, and contacts. This is a common WhatsApp phishing technique used not only to hack individuals but to gain access to organizations.
How it works:
- You first get a push or an SMS verification with the WhatsApp verification code that you did not request.
- The attacker then contacts you and explains that he made a mistake when putting in his phone number and asks you if you could share the code you received.
- If you share the code, you are sharing full access to your WhatsApp account and will lose control over it.
To avoid this scam: Not only should you not respond to unknown contacts demanding suspicious actions from you, but you should also always ensure that your verification number is correct and has not changed.
9. WhatsApp Gold scam
The WhatsApp Gold scam has been around for several years. The reason it’s still used is that it is simple but effective.
How it works:
- You get a WhatsApp message that looks very official and offers you an upgrade to WhatsApp Gold, a premium service of messenger applications that does not exist.
- While the fee to get this fake, nonexistent premium service is low, once you pay attackers, they steal your financial credentials.
- If you ignore the message and block and report the scammer, nothing will happen. But if you fall for it, you will suffer financial losses and never be able to recover your money.
10. Friends and family scam
Once a cybercriminal hacks a WhatsApp account, he will begin scamming that account’s contacts. That includes friends, loved ones, and families. In this scam, attackers use a hijacked account to trick users into giving away money or credentials.
How it works:
- You will first get a WhatsApp message from a cybercriminal posing as your friend, a family member, or a partner.
- The message will create a story with urgency. They will ask for help and demand money, or they’ll ask you to verify a code or share personal information.
- As with all attacks, the hacker will vanish into thin air once the scam is complete.
11. Lottery, gifts, or surveys
Cybercriminals preying on victims via WhatsApp will often claim that users have won the lottery or earned a gift. All they have to do to gain access to their prize is complete a survey. The purpose of this scam is mainly financial theft, but sometimes, when downloading documents or surveys from the scammer, they will install malware to steal data.
How it works:
- You will first get a WhatsApp message from cybercriminals promising a gift, asking you to take a survey, or congratulating you for winning the lottery. The messages are designed to look very legitimate and convincing.
- The sender then can ask for a fee in return for the prize, your personal tax information, or your credit card or bank information to confirm. They can also direct you to download a document or fill in a survey on a website that contains malware.
To avoid this scam: Always check with official sources if an agency or organization contacts you. It might just be someone posing as a representative. In general, always question anything that sounds too good to be true.
12. WhatsApp video call scams
While scammers on WhatsApp might be known more for WhatsApp spam calls than for live video calls, it’s not unknown for them to use video streaming as part of their ploy. Usually, when a scammer uses a video call, it’s to increase trust and make you more likely to fall for their scam.
How they work
Most WhatsApp scams involve the scammer trying to convince you they’re someone else. As such, they probably won’t video call you if they can avoid it because this would show they’re not the person they’re pretending to be.
Some scammers, however, will attempt to use this fact to their advantage, thinking that if they video call you or seem to attempt to video call you, you’ll be more likely to trust that they are who they say they are.
They might do this by making the connection so unstable and low quality that you can’t tell who is on the other end. Or, they might use a fake video. For instance, if it’s a romance scam, they might use a fake video of a woman whose pictures they’re using to catfish you.
In most cases, the scammer will video call you to try to make you trust them. In some cases, however, they may be looking to get a screenshot or video of you when you answer to use for blackmail or identity theft.
13. WhatsApp tech support scams
A tech support scammer will claim to want to help you solve a technical problem with your WhatsApp account or your device. They then try to gain access to your account by asking you to send them verification codes and one-time passwords (OTPs) to your WhatsApp account, social media accounts, or even your email or bank account.
14. Fake voicemail scam
In a fake voicemail scam, also known as voicemail phishing or vishing, a scammer will send you a voicemail message urging you to click on a link or call a specific number. They usually cite problems like account lockdown or late fees to get you to act with urgency.
15. Gift card and coupon scams
With this kind of scam, you’ll receive a WhatsApp message from an unknown number claiming that you won a gift card or some coupons. In order to receive them, you simply have to pay a small processing fee. Like the Nigerian prince WhatsApp scam, you’re unlikely to ever hear from the number again after paying them.
Fortunately, there are ways to keep safe from con artists and scammers on WhatsApp.
How can you spot a WhatsApp scam?
Spotting a WhatsApp scam is pretty easy. Unless you’re the unlikely target of a sophisticated spear phishing attack, looking out for the following signs should suffice.
Unknown contact
If you’re messaged by a contact you don’t know, treat them with caution. WhatsApp scammers might pretend to be someone you know, but if it’s a new contact, WhatsApp should tell you, and you can cross-check their phone number against the number of the person they’re pretending to be.
Too good to be true
Some WhatsApp scammers will try to lure you in with the promise of a monetary reward, romance, or even a job. But it’s unlikely that a stranger would reach out to you over WhatsApp to offer one of these things. So, if it sounds too good to be true, it probably is.
They don’t know your name
Most scammers send their messages to lots of people in the hopes that just a few of them will take the bait. As such, scammers usually won’t know your name and will instead use a generic greeting such as “hey.”
Some scammers might call you something generic but personable, like “mom” or “dad,” in the hopes that some of the people they send the message to are parents who will fall for it.
Spelling and grammar mistakes
One common sign of a WhatsApp scam is bad spelling and grammar. While even legitimate senders can make spelling and grammar mistakes, scammers tend to make a lot more.
Asking to share personal information
If a WhatsApp contact starts asking for your personal information or directing you to a website that’s asking for it, be on guard. Scammers will often try to get you to give up your personal information so they can sell it on to other hackers or attempt to commit theft, account takeover, or identity fraud.
New number
One common social engineering strategy WhatsApp scammers employ is to pretend they’re someone you know who’s got a new phone and has a new number. This becomes their pretext for why they’re not showing up as a contact on your phone.
To make this pretext more believable for more people, they often call you a personable but generic name, such as “mom” or “dad.” These kinds of scams will usually try to get you to do something like send money to the scammer urgently, because the longer you talk to them, the more likely you are to realise it’s not your real relative or friend.
Steps to take if you get scammed on WhatsApp
Despite it being a secure application, WhatsApp, as with any communication platform, isn’t immune to scammers. Opening yourself up to scams is, therefore, one of the dangers of using WhatsApp.
But if you do get scammed on WhatsApp, there are steps you can take to mitigate the damage, provided you act quickly. Here’s what to do:
- Block the scammer (either press Block in the notification box for an unknown number, or for a saved contact, click the three dots, then Report and Block.) Then delete the conversation.
- If you’ve given away any banking information or information that could be used to steal your identity, freeze your credit, report it to your bank and credit card companies, and follow the rest of our tips on our identity theft response guide.
- Change your passwords on your accounts.
- Enable two-factor authentication (2FA) for WhatsApp by going to your WhatsApp Settings and navigating to Account > Two-step verification > Turn on. Then, enter a PIN and an email address to use for WhatsApp 2FA.
FAQ: WhatsApp safety tips and scam alerts
If you use WhatsApp daily to communicate with family, friends, and work, you need to be aware of some of the most common scams that utilize it.
While you likely won’t get hacked by revealing your WhatsApp number alone, sharing it does make you more vulnerable to all sorts of scam and spam messages.
GhostPairing is when scammers link your WhatsApp account to their own device. They can do this by tricking you into sending them your account’s QR code and approving the new device.
Malicious QR codes can be sent over WhatsApp, taking you to websites that contain malware or fake login pages designed to steal your login credentials.
WhatsApp’s end-to-end encryption is only there to keep your messages private between you and the person you’re talking to. If you’re chatting with a scammer, the encryption can’t do anything to protect you from exploitation.
Immediately disconnect your device from the internet and delete any files that were downloaded. You’ll then need to run an antivirus scan and change your account’s login credentials just to be safe.
Dialling specific MMI codes can redirect your calls to a scammer. These can be injected into pre-written phone numbers of “call us” buttons. This can be avoided simply by dialing the number manually to make sure nothing suspicious is attached to it.
How to protect yourself from scams on WhatsApp
Cybercriminals are constantly creating new ways to trick victims. Keeping up with every different strategy would be impossible. However, there are some simple tricks you can use to protect yourself.
Don’t talk to strangers
Cybercriminals do not use complex hacking tricks to execute the majority of WhatsApp scams. All they need for most cons to work is for you to willingly engage with them in some way. A high percentage of fraud starts when a user receives a message from an unknown contact with suspicious demands. The rule of thumb is never to talk to strangers. Report, mute, and block the user immediately without responding. If you don’t talk to the scammer, they cannot run their con.
Practice digital hygiene
Practicing digital hygiene can keep you safe from all sorts of online scams and malware, including WhatsApp scams. It’s about developing a sense for what looks like a scammy website compared to what’s legitimate.
You can make use of Moonlock’s Security Advisor to help you with this mindset change. Moonlock offers a 7-day free trial, so you can start using the Security Advisor right away. It helps you build the habit of choosing stronger passwords and checking links before clicking them.
Keep your device and WhatsApp app updated
Older OS and outdated software are at a higher risk of being targeted by hackers because they don’t have the latest security patches. Also, make sure that any updates you install come from official sources, like the App Store, to avoid accidentally infecting your Mac or iPhone with malware.
Check your privacy settings
When you create your WhatsApp account, your privacy settings are set at the most relaxed customization possible by default. This means that any WhatsApp user can see information such as your profile image, when you log in, if you read messages that are sent, and if you are online. Contacts can also see your status updates, and any user, whether he is one of your contacts or not, can add you to groups. Limiting access to this information will make it more difficult for scammers to trick you.
Guard your verification codes
Verification codes are critical to getting access to your WhatsApp account. Be very vigilant if you receive a verification code you have not requested. Whether you get one via SMS, a phone call, or push notifications, never share your codes with anyone, no matter how believable the story they present.
Report, block, and delete
If you get any suspicious messages or are in doubt about a contact, immediately report, block, and delete it. This will not only prevent the attacker from contacting you again but will notify WhatsApp’s support and security team so that the contact cannot try to scam others. The scammer, once identified by the WhatsApp security team, will face legal consequences, and the block will prevent them from doing further harm.
How can you stop getting scam messages on WhatsApp?
Besides changing your privacy settings, there is no way to avoid getting spam messages or spam calls. WhatsApp recognizes the issue and says, “Just like regular SMS or phone calls, it’s possible for other WhatsApp users who have your phone number to contact you.” WhatsApp’s advice is to delete and block spam or unwanted messages.
How to report a WhatsApp fraud
You must report scams — not just block them, mute them, or delete them. And you can report a scam or fraud in just a few simple steps.
To report a user:
- Open the chat with the user you wish to report.
- Press Options and select View contact.
- Press Report and Block (or only Report).
When this is done, WhatsApp will receive the last five messages sent to you by the person you reported. The scammer will not be notified that you have reported them. WhatsApp also receives the reported group or user ID, information on when the message was sent, and the type of message sent (image, video, text, or other).
You can also block a user or group to stop getting messages, calls, or files from them.
To block a contact:
- Navigate to Options > Settings > Account > Privacy > Blocked > Add new…
- Search for or select the contact you want to block.
- Press Block.
Or:
- Open a chat with the contact you want to block.
- Navigate to Options > View contact > Block.
If you feel that you or someone you know are in immediate danger, contact local authorities.
With over 2 billion active users, WhatsApp is the world’s most-used instant messaging app. And WhatsApp scams, frauds, cons, and hacks show no sign of slowing down. In fact, the situation is quite the opposite.
One way to keep yourself safe is to be aware of which online services—whether it’s WhatsApp, your bank, or your social media accounts—will never ask you for your passwords or PINs over unsolicited calls or messages. It’s important that you practice simple security policies that require no technical knowledge to stay safe.
