Cons and scams are far older than the internet. And while such schemes have increased in the digital age, most are simply variations of old tricks that criminals use to steal, damage, spy, or cause harm. As new generations shift their presence, preferring text messages over phone calls, WhatsApp scams are reaching new highs.
The scammer’s WhatsApp playbook is filled with sophisticated cons that cybercriminals use to either run massive campaigns or specifically target individuals. Let’s take a look at some of the most common scams on WhatsApp and how to defend yourself against them in this guide designed to help you stay safe and enjoy your WhatsApp experience — without complicating your life.
Why do scammers use WhatsApp?
WhatsApp, while home to many legitimate users, is also home to some scammers. Given that it’s a platform currently boasting approximately 2 billion users, it would probably be more of a surprise if there weren’t any WhatsApp scams to worry about.
None of this makes it any more pleasant if you’re a victim of a WhatsApp hack, though. And if you are, you might be wondering why the scammers chose this platform to stage their attack. Here are some of the most likely reasons.
- Popularity: It might go without saying, but WhatsApp is popular. And the more users, the more targets there are for potential hackers. Sometimes it’s as simple as that.
- Familiarity: Most people are very familiar with WhatsApp. Attackers know this, and rely on their targets being lulled into a false sense of security because of it. If their targets feel safe on a familiar app, they’re more vulnerable to social engineering attacks.
- Anonymity: While WhatsApp is owned by Meta, you don’t need a Meta account to use WhatsApp. In fact, all you need is a phone number, and attackers can create fake phone numbers pretty easily using certain apps and services. This grants them a level of anonymity, making it difficult to trace them if they’re found out.
- Easy targets: Because your WhatsApp is linked to your phone number, an attacker might find it easier to find and contact you than on other platforms. They could, for instance, find your number by looking for any service you’ve entered it on that’s been breached or has leaked customer data.
Can you get scammed on WhatsApp?
Unfortunately, you can get scammed on WhatsApp. A WhatsApp scam is, at its core, no different from any other kind of phishing or social engineering scam. The only difference is the medium through which the scam message is sent.
How do WhatsApp scams work?
WhatsApp scams begin like any other: An attacker finds one or more targets. This usually involves finding one or more phone numbers to scam on WhatsApp. The numbers might be picked at random, or they might be more targeted.
Once the WhatsApp scammer has their target(s), they send a phishing message to them. This message might pretend to be someone you’re likely to trust, such as a bank requesting verification, Amazon requesting delivery details, or someone pretending to be your son or daughter using a new phone.
The WhatsApp message will either try to get you to engage in conversation so the scammer can spend more time convincing you of their pretext, or it might try to get you to click a sketchy link or send money right away. In any case, the scammer will be looking to harvest your personal information, install malware on your device, or steal money from you.
The 11 most common WhatsApp scams to watch out for
This list will dive into the most recent scam trends and techniques and reveal how they work. The following scams can bypass WhatsApp security features, so it’s essential that you understand how they operate so you won’t fall for them.
1. The desperate son
This scam is simple but effective because it preys on basic human emotions and behavior. To pull off this trick, cybercriminals only need to search for victims who are parents. Once he has the mother’s or father’s phone number, they send them a text impersonating their son or daughter.
How it works:
- You receive a WhatsApp message from an unknown number claiming to be your son or daughter.
- The cybercriminal gives a convincing reason why your son is contacting you from an unknown phone number (lost phone or borrowing a friend’s phone).
- Immediately the scammer presents a desperate situation that requires urgent attention.
- The scammer asks for money to solve the “desperate situation” and provides a bank account or digital wallet for the transfer.
To avoid this scam: If you are a parent and your son or daughter contacts you with an urgent problem from an unknown phone via WhatsApp text asking for money, call your son or daughter immediately. Once you confirm that it is a scam, report, delete, and block the WhatsApp scammer’s contact info.
2. WhatsApp crypto scams
Crypto scams on WhatsApp can come in all forms, but the goal is always the same: to steal your money with the promise of returns on your crypto investments.
WhatsApp scams with crypto incentives can be particularly pernicious because they prey on those less familiar with the security concerns surrounding the fledgling cryptocurrency industry.
How they work
A WhatsApp crypto scam will usually try to convince you to invest in a certain kind of cryptocurrency via a specific link or to use a specific crypto trading platform.
The WhatsApp scammer might be direct, pretending to be a crypto investment guru and offering you advice if you simply enter your information on their website. However, this information, if you enter it, will invariably be used for nefarious purposes such as account takeover, identity theft, or bank account theft.
The scammer might also be indirect, pretending to be someone who got the wrong number. They might hope you’ll continue the conversation with them if you’re lonely. After gaining your trust over weeks or even months, they might try to get you to join a crypto trading platform, which, when used, will send your money directly to them.
Can you be catfished on WhatsApp? Not only is this a possibility, but the Federal Trade Commission has revealed that over 46,000 people reported more than $1 billion in crypto scam losses in 2021. And approximately one in every three of those dollars were lost to crypto romance scams.
3. WhatsApp dating scams
Dating scams are some of the most common scams on WhatsApp. This is because WhatsApp romance scams, like romance scams on any other platform, prey on a universal human desire: the desire for connection. The scammer uses this desire against you to trick you into giving up your personal information or money.
How they work
A WhatsApp dating scam might be targeted, but more often than not, it uses a scattergun approach, where the attacker will send the scam message to many different numbers in the hopes that just a handful will take the bait. If it’s targeted, it might be that the scammer matched with you on a dating app and is catfishing you, pretending to be someone they’re not.
If you take the bait and reply to the scammer’s WhatsApp message, they’ll attempt to get you attached to them, pretending to care about you, desire you, and perhaps even love you. Some scammers will keep this process ongoing for months, lulling you into a false sense of security and trust.
Eventually, the scammer will use the trust you feel for them and the care you have for them to get you to send them money or gifts, visit a sketchy site to install malware, or perhaps even request pictures or videos of you that they can use for sextortion and blackmail.
4. The Nigerian prince scam
One of the oldest scams on the internet is the Nigerian prince scam. Initially, this one was carried out via email, but it has recently moved to WhatsApp. The scam involves tricking users into believing there is an inheritance or reward to be gained if they help a wealthy individual who’s down on their luck (popularly a prince from Nigeria). Naturally, this individual is actually a scammer.
How it works:
- The attacker creates a fake WhatsApp profile, contacts you explaining that he is a wealthy individual, and presents the scam.
- There are many variations of this con. The scammer may claim that you have inherited some money and just need to pay some taxes to retrieve it, or they may ask for your tax information to help you transfer the funds.
- If you fall for the scam and give away the money, you will never hear from him again.
To avoid this scam: Don’t talk to strangers over WhatsApp, especially when they present suspicious stories or ask you for money or sensitive personal information. Block and report the contact and delete the conversation.
5. Fake blackmail
In this scam, cybercriminals pretend to have obtained sensitive information, videos, or photos from you. They will ask for money in exchange for not releasing the files to the public. The scam is similar to ransomware extortion, but the main difference is that the scammer never hacked you, nor does he have the files or information.
How it works:
- The attacker contacts you assuring that he has obtained sensitive files.
- He asks for funds in return for the files and promises not to leak the information or make it public. The scammer may even show you some photographs or information he obtained via a quick search of your social media to apply pressure.
- The scammer usually demands cryptocurrency payments and may continue blackmailing you, or they may simply disappear.
6. The verification code con
One of the most-used methods to hack a WhatsApp account is to trick users into giving away verification codes. Once a hacker has your verification code, he can change the number on your WhatsApp, along with all verification methods, and block you out of your own account. He might also use this access to breach your accounts on other sites or hack your friends, family, and contacts. This is a common WhatsApp phishing technique used not only to hack individuals but to gain access to organizations.
How it works:
- You first get a push or an SMS verification with the WhatsApp verification code that you did not request.
- The attacker then contacts you and explains that he made a mistake when putting in his phone number and asks you if you could share the code you received.
- If you share the code, you are sharing full access to your WhatsApp account and will lose control over it.
To avoid this scam: Not only should you not respond to unknown contacts demanding suspicious actions from you, but you should also always ensure that your verification number is correct and has not changed.
7. WhatsApp Gold scam
The WhatsApp Gold scam has been around for several years. The reason it’s still used is that it is simple but effective.
How it works:
- You get a WhatsApp message that looks very official and offers you an upgrade to WhatsApp Gold, a premium service of messenger applications that does not exist.
- While the fee to get this fake, nonexistent premium service is low, once you pay attackers, they steal your financial credentials.
- If you ignore the message and block and report the scammer, nothing will happen. But if you fall for it, you will suffer financial losses and never be able to recover your money.
8. Friends and family scam
Once a cybercriminal hacks a WhatsApp account, he will begin scamming that account’s contacts. That includes friends, loved ones, and families. In this scam, attackers use a hijacked account to trick users into giving away money or credentials.
How it works:
- You will first get a WhatsApp message from a cybercriminal posing as your friend, a family member, or a partner.
- The message will create a story with urgency. They will ask for help and demand money, or they’ll ask you to verify a code or share personal information.
- As with all attacks, the hacker will vanish into thin air once the scam is complete.
9. Lottery, gifts, or surveys
Cybercriminals preying on victims via WhatsApp will often claim that users have won the lottery or earned a gift. All they have to do to gain access to their prize is complete a survey. The purpose of this scam is mainly financial theft, but sometimes, when downloading documents or surveys from the scammer, they will install malware to steal data.
How it works:
- You will first get a WhatsApp message from cybercriminals promising a gift, asking you to take a survey, or congratulating you for winning the lottery. The messages are designed to look very legitimate and convincing.
- The sender then can ask for a fee in return for the prize, your personal tax information, or your credit card or bank information to confirm. They can also direct you to download a document or fill in a survey on a website that contains malware.
To avoid this scam: Always check with official sources if an agency or organization contacts you. It might just be someone posing as a representative. In general, always question anything that sounds too good to be true.
10. WhatsApp video call scams
While scammers on WhatsApp might be known more for WhatsApp spam calls than for live video calls, it’s not unknown for them to use video streaming as part of their ploy. Usually, when a scammer uses a video call, it’s to increase trust and make you more likely to fall for their scam.
How they work
Most WhatsApp scams involve the scammer trying to convince you they’re someone else. As such, they probably won’t video call you if they can avoid it because this would show they’re not the person they’re pretending to be.
Some scammers, however, will attempt to use this fact to their advantage, thinking that if they video call you or seem to attempt to video call you, you’ll be more likely to trust that they are who they say they are.
They might do this by making the connection so unstable and low quality that you can’t tell who is on the other end. Or, they might use a fake video. For instance, if it’s a romance scam, they might use a fake video of a woman whose pictures they’re using to catfish you.
In most cases, the scammer will video call you to try to make you trust them. In some cases, however, they may be looking to get a screenshot or video of you when you answer to use for blackmail or identity theft.
11. WhatsApp scam with an Asian lady
One of the most common WhatsApp scams is a romance scam where the scammer pretends to be an Asian lady. These WhatsApp scam messages are similar to other Asian lady scams found on the internet, but they’re sent over WhatsApp.
How it works
These WhatsApp scams are the same as other romance scams, except the scammer pretends to be an Asian lady, specifically. In these scams, the scammer’s looking to convince you they’re an Asian lady and get you to hand over gifts, money, or your personal information.
Scammers might pretend to be an Asian lady for a couple of reasons. First, because they might be targeting a demographic of people who like Asian women and will therefore be more likely to fall for the scam. Second, because the scammer can’t communicate in English very well and can hide behind the pretext of being Asian as a reason for this.
The 11 WhatsApp scams detailed above are just the tip of the iceberg when it comes to cons that are trending on WhatsApp. Others include WhatsApp tech support, the WhatsApp text bomb, call forwarding, and QR code scams. Fortunately, there are ways to keep safe from con artists and scammers on WhatsApp.
How can you spot a WhatsApp scam?
Spotting a WhatsApp scam is pretty easy. Unless you’re the unlikely target of a sophisticated spear phishing attack, looking out for the following signs should suffice.
Unknown contact
If you’re messaged by a contact you don’t know, treat them with caution. WhatsApp scammers might pretend to be someone you know, but if it’s a new contact, WhatsApp should tell you, and you can cross-check their phone number against the number of the person they’re pretending to be.
Too good to be true
Some WhatsApp scammers will try to lure you in with the promise of a monetary reward, romance, or even a job. But it’s unlikely that a stranger would reach out to you over WhatsApp to offer one of these things. So, if it sounds too good to be true, it probably is.
They don’t know your name
Most scammers send their messages to lots of people in the hopes that just a few of them will take the bait. As such, scammers usually won’t know your name and will instead use a generic greeting such as “hey.”
Some scammers might call you something generic but personable, like “mom” or “dad,” in the hopes that some of the people they send the message to are parents who will fall for it.
Spelling and grammar mistakes
One common sign of a WhatsApp scam is bad spelling and grammar. While even legitimate senders can make spelling and grammar mistakes, scammers tend to make a lot more.
Asking to share personal information
If a WhatsApp contact starts asking for your personal information or directing you to a website that’s asking for it, be on guard. Scammers will often try to get you to give up your personal information so they can sell it on to other hackers or attempt to commit theft, account takeover, or identity fraud.
New number
One common social engineering strategy WhatsApp scammers employ is to pretend they’re someone you know who’s got a new phone and has a new number. This becomes their pretext for why they’re not showing up as a contact on your phone.
To make this pretext more believable for more people, they often call you a personable but generic name, such as “mom” or “dad.” These kinds of scams will usually try to get you to do something like send money to the scammer urgently, because the longer you talk to them, the more likely you are to realise it’s not your real relative or friend.
Steps to take if you get scammed on WhatsApp
Despite it being a secure application, WhatsApp, as with any communication platform, isn’t immune to scammers. Opening yourself up to scams is, therefore, one of the dangers of using WhatsApp.
But if you do get scammed on WhatsApp, there are steps you can take to mitigate the damage, provided you act quickly. Here’s what to do:
- Block the scammer (either press Block in the notification box for an unknown number, or for a saved contact, click the three dots, then Report and Block.) Then delete the conversation.
- If you’ve given away any banking information or information that could be used to steal your identity, freeze your credit, report it to your bank and credit card companies, and follow the rest of our tips on our identity theft response guide.
- Change your passwords on your accounts.
- Enable two-factor authentication (2FA) for WhatsApp by going to your WhatsApp Settings and navigating to Account > Two-step verification > Turn on. Then, enter a PIN and an email address to use for WhatsApp 2FA.
How to protect yourself from scams on WhatsApp
Cybercriminals are constantly creating new ways to trick victims. Keeping up with every different strategy would be impossible. However, there are some simple tricks you can use to protect yourself.
1. Don’t talk to strangers
Cybercriminals do not use complex hacking tricks to execute the majority of WhatsApp scams. All they need for most cons to work is for you to willingly engage with them in some way. A high percentage of fraud starts when a user receives a message from an unknown contact with suspicious demands. The rule of thumb is never to talk to strangers. Report, mute, and block the user immediately without responding. If you don’t talk to the scammer, they cannot run their con.
2. Check your privacy settings
When you create your WhatsApp account, your privacy settings are set at the most relaxed customization possible by default. This means that any WhatsApp user can see information such as your profile image, when you log in, if you read messages that are sent, and if you are online. Contacts can also see your status updates, and any user, whether he is one of your contacts or not, can add you to groups. Limiting access to this information will make it more difficult for scammers to trick you.
3. Guard your verification codes
Verification codes are critical to getting access to your WhatsApp account. Be very vigilant if you receive a verification code you have not requested. Whether you get one via SMS, a phone call, or push notifications, never share your codes with anyone, no matter how believable the story they present.
4. Report, block, and delete
If you get any suspicious messages or are in doubt about a contact, immediately report, block, and delete it. This will not only prevent the attacker from contacting you again but will notify WhatsApp’s support and security team so that the contact cannot try to scam others. The scammer, once identified by the WhatsApp security team, will face legal consequences, and the block will prevent them from doing further harm.
How can you stop getting scam messages on WhatsApp?
Besides changing your privacy settings, there is no way to avoid getting spam messages or spam calls. WhatsApp recognizes the issue and says, “Just like regular SMS or phone calls, it’s possible for other WhatsApp users who have your phone number to contact you.” WhatsApp’s advice is to delete and block spam or unwanted messages.
How to report a WhatsApp fraud
You must report scams — not just block them, mute them, or delete them. And you can report a scam or fraud in just a few simple steps.
To report a user:
- Open the chat with the user you wish to report.
- Press Options and select View contact.
- Press Report and Block (or only Report).
When this is done, WhatsApp will receive the last five messages sent to you by the person you reported. The scammer will not be notified that you have reported them. WhatsApp also receives the reported group or user ID, information on when the message was sent, and the type of message sent (image, video, text, or other).
You can also block a user or group to stop getting messages, calls, or files from them.
To block a contact:
- Navigate to Options > Settings > Account > Privacy > Blocked > Add new…
- Search for or select the contact you want to block.
- Press Block.
Or:
- Open a chat with the contact you want to block.
- Navigate to Options > View contact > Block.
If you feel that you or someone you know are in immediate danger, contact local authorities.
With over 2 billion active users, WhatsApp is the world’s most-used instant messaging app. WhatsApp scams, frauds, cons, and hacks are not showing any sign of slowing down. In fact, quite the opposite. Fortunately, you can practice simple security policies that require no technical knowledge to stay safe.
