X-Industry

WhatsApp Scams

Posted by Jim McKee on October 6, 2025 at 12:00pm

13735871700?profile=RESIZE_400xWhatsApp has become one of the most popular applications, with over 2 billion users using it for communication with friends and family. Unfortunately, this makes WhatsApp an easy target for cybercriminals to exploit unsuspecting individuals. Since the app is used for friendly methods, many assume that contact via WhatsApp can be trusted. It cannot, and users must be cautious.[1]

Threat actors have elevated their tactics from the traditional style of email phishing to utilizing WhatsApp. They appear as legitimate organizations, complete with logos, letterheads, and websites. Users supply personal information in response to an alert or request, or click on a link that downloads malware. Cybercriminals employ a wide range of methods to attract their targets; the key is to be aware of the various types of WhatsApp scams.

Some of the WhatsApp Scams:

  • Offering a job: Almost always unsolicited, a threat actor will pose as a recruiter offering a job that seems too good to be true. They will request payment for items such as training or uniforms, and that’s when they have access to your account information.
  • Scams involving investments: These offerings can range from fake bonds or stocks to fraudulent investment opportunities. They usually offer fast profits and act as a can’t-miss-out deal.
  • Cryptocurrency scams: Most people are unfamiliar with cryptocurrency, so basing their interest on a few success stories is how cybercriminals often win. Those offering cryptocurrency scams are often impossible to track and can disappear, leaving users with lost money.
  • Dating scams: Threat actors target individuals who are lonely or seeking companionship. This makes individuals vulnerable to the lies that are told, often under the guise of love and commitment. Once trust is established, they typically request money for expenses or travel.
  • Rental/Real Estate scams: Cybercriminals offer rentals or properties for sale that either don’t exist or that they have no power to list. They will communicate heavily, offering websites that show details, and then request money for rent or a purchase deposit.
  • Upgrade to WhatsApp Gold offerings: To begin with, there is no such thing as “WhatsApp Gold”. Threat actors offer this non-existent scam to users stating that they will have all kinds of extra features that only gold members can experience. Of course, there is a price for Gold, and they offer a fake website where users can input their payment information.
  • Fake WhatsApp apps: Criminals are devious, and they have created several fake WhatsApp apps. They encourage people to download these fake apps from third-party app stores. Once the app is installed, it will attempt to download malware or gather login details.
  • Impersonation scams: These threat actors will contact an individual, pretending to be someone they know. Criminals usually do some research, so they have everything from information to a picture. It doesn’t take long for the impersonator to ask for money.
  • Request for Verification Code: As two-factor authorization becomes the norm, criminals will contact a user to request verification of their code for security purposes. Once they get the code, they have access to the user’s account.
  • General phishing scams: Cybercriminals will use WhatsApp to send the usual phishing scams that were once limited only to email. They can indicate a sense of urgency to respond due to a security issue, unauthorized transactions on an account, or an account suspension warning.

“As with anything on the internet, there continue to be dangers even with those applications that are designed as ‘friendly.’  DaVinci Cybersecurity communicates every new aspect of threat that may cause personal or financial distress; educating our clients to keep them safe.”

 

This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

 Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122

 

[1] https://davinciforensics.co.za/cybersecurity/whatsapp-scams-the-latest-way-criminals-attack/

Views: 5
Tags: tr-25-279-001, whatsappfraud, mobilesecurity, cyberawareness, staysafeonline, phishing
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!