
Why do we fall for WhatsApp scams? The role of social engineering and how to defend yourself

Scams on WhatsApp are increasingly well known, "thanks" to the enormous number of hits scored by cybercriminals in recent times. According to a report drawn up by the Postal Police, in 2023 there were 16,325 cases of online scams, an increase of 6 percentage points compared to 2022. This allowed cybercriminals to collect something like 137 million euros in 2023: 20% more than the previous year. Some of these scams were carried out with the help of the popular messaging app WhatsApp. According to Danilo Cimino, an IT expert with experience at the National Institute of Nuclear Physics and CERN in Geneva, today the scams «circulate more easily because WhatsApp is used by millions of people». To defend yourself you need to know well the "schemes" used by cybercriminals, paying particular attention to so-called social engineering, a "family" of techniques and scams that exploit the "weak points" of human psychology.

How to recognize WhatsApp scams based on social engineering

With something like 40 million users in Italy and 2 billion worldwide, WhatsApp is one of the most used messaging platforms in the world, and this is why unscrupulous criminals misuse it to trap potential victims. WhatsApp scams very often rely on social engineering, which we can understand as the study of techniques for "hacking" the human mind. In this regard, the IT expert Danilo Cimino states:

There are many scams on WhatsApp, some of them really well elaborated. One of the most common is the one in which they offer 5 euros to watch a video. It seems harmless, the money is even credited, but behind it there is a pyramid scheme involving other unwitting victims. Another common deception is where they ask for a 6-digit code, which is actually used for two-factor authentication. And then there are the fake job offers, created only to steal personal data and register SIM cards in the names of the victims.

These scams are designed to leverage the feelings and emotions of the victims, who are induced to act impulsively, perhaps under the pressure of urgent requests. The emotional pressure generated by the criminal pushes victims to blindly trust a stranger who has been able to use social engineering expertly. Let it be clear that social engineering is not a new technique born in the era of instant messaging services. Rather, as Cimino underlines, «these frauds are all based on old and proven schemes», adding that the criminals «impersonate trusted people, such as bank employees or relatives in difficulty, to obtain personal data or empty bank accounts. Scammers often make emotional or urgent requests, such as a child saying they lost their phone and asking for money».

Furthermore, if you receive messages on WhatsApp that present these other characteristics, be very careful because you could find yourself faced with a scam attempt:

  • Offers too good to be true.
  • Requests for personal information.
  • Messages from numbers with a foreign prefix.
  • Messages containing grammatical errors and/or suspicious links.

How to defend yourself from social engineering on WhatsApp

Once you recognize a possible scam on WhatsApp, defending yourself becomes relatively simple. It is enough to ignore the criminals' demands, then block and report their numbers. In practice, this means never sharing security codes, personal information, etc.

Furthermore, to sleep reasonably soundly it is important to protect your devices with a PIN and/or biometric recognition (for example fingerprint or 3D facial recognition) and to protect your accounts with two-factor authentication, or 2FA.

What about WhatsApp's end-to-end encryption? Does it help prevent scams? In this regard, Cimino states:

WhatsApp’s end-to-end encryption only protects message privacy, but cannot prevent scams. Technology is important, but the best defense remains our critical sense: understanding how scams work and not falling into emotional traps is essential.

And to those who have fallen victim to an online scam, the expert suggests:

It is equally important not to be ashamed. Anyone can be a victim of a scam; the important thing is to immediately report it to the Postal Police, who will help limit the damage and manage the compromised information.