There’s an old saying about a sucker being born every minute, but these days it almost seems more like a scammer is born every minute. WhatApp is lately on everyone’s radar as a fertile breeding ground for new scams.
As the pandemic continues to drive online shopping to new heights, scammers are right there to take advantage of it, and one of the hottest new WhatsApp scams revolves around online delivery.
In one variant, a consumer receives an invoice for an online purchase stating that the item is being shipped from a foreign country and asking the consumer to pay a modest customs or shipping fee.
A payment link in the email takes the consumer to what looks like a legitimate site but is in fact fraudulent. The customer loses the money for shipping and customs and also gives up his or her credit card number to the scammers, as well as other personal information.
The BBC recently reported on another fast-spreading WhatsApp scam, in which criminals swipe consumers’ SMS security codes.
WhatsApp says users should never provide their security code to anyone, even if they think it’s a friend. Normally you only use the code to sign into the service so there is no legitimate reason to provide it to anyone else.
“I got a WhatsApp message from my good friend Michelle, saying she was locked out of her account,” one victim, called Charlie, told the BBC. “She said she accidentally sent the access code to my phone instead of hers, and could I just screenshot it and send it over.”
Charlie did so and lost control of his account to the scammer.
Social media provide the platforms for scammers
WhatsApp is not directly involved in the bogus transactions but is only the messaging platform the scammers use to contact their victims. The service, owned by Facebook, has 1.5 billion users worldwide and boasts that it provides end-to-end encryption of messages, so that lends an air of security to wary users.
In a report last year, cybersecurity firm Kaspersky named WhatsApp, Facebook, Google and YouTube as the social media most often used by scamsters.
Noting that when a new service gains in popularity, like WhatsApp, it becomes more attractive not only to users and advertisers but also to criminals.
Of WhatsApp, Kaspersky said: “It appeared to be flooded with fake accounts and scammers who are gradually improving their skills as the service rises in popularity.”
How to protect yourself
How can you protect yourself? The obvious answer is to never provide payment information – credit card or bank account number – to anyone you don’t know. Phony websites can make that difficult, however, and even experts have been fooled by sites that spoof a well-known consumer brand.
If you regularly do business with an online firm, you may have previously provided them with your credit card number and should not do so again.
You can also use a third-party payment service like PayPal, which enables you to avoid providing your credit card information to anyone and everyone you deal with. You supply your email address to the merchant and PayPal makes the payment. The vendor never gets your credit card or bank information. The worst-case scenario is that you could lose some or all of the payment but your personal information would still be secure.
The best solution of all, of course, is to maintain accounts at a few large firms – Amazon, BestBuy, Crutchfield, etc. – and do all of your online shopping there. Besides being highly secure, they have well-established shipping policies and procedures that should eliminate the potential for scams like the ersatz custom fees.
Security software can help
Kaspersky would add that both consumers and businesses should load up on security software for their computers and keep it updated. This can help weed out viruses, phishing scams and other online plagues.
“Businesses … need to provide their employees with comfortable use of services they require, so it is crucial to get the balance right. We at Kaspersky appreciate this and provide organizations with relevant protection tools and expertise,” said Tatyana Sidorina, security expert at Kaspersky.
Sidorina adds that users should be extremely wary of all unexpected emails to avoid phishing scams.
“Spam and phishing schemes are still some of the most effective ways to launch successful attacks because they play on human emotion. The best thing users can do is be wary of any unexpected emails and be very careful about clicking on any email attachments or links—go to the website directly,” she said in a news release.