Can You Get Scammed on WhatsApp?
If there’s one messaging app that scammers can easily exploit to steal your money and identity, it’s WhatsApp. With over two billion monthly active users, WhatsApp has become a popular platform for scammers to ensnare their targets [*].
Scammers prowling on text messaging apps like WhatsApp sent a massive 66 billion spam texts in 2022 [*]. Projections show that Americans could lose $28 billion to text message scams going into 2023.
If you’d rather text than talk, how are you protecting yourself against the latest WhatsApp scams? In this guide, we’ll list the most trending scams, how they work, and what you can do to avoid them.
10 Types of WhatsApp Scams Making the Rounds Today
- Mom and Dad impersonation schemes
- Friend or loved one in need requests
- Unauthorized verification codes
- WhatsApp Gold
- Bogus gift cards and surveys
- Lottery scams
- Crypto romance scams
- QR code scams
- WhatsApp tech support scams
- Call forwarding scams
1. Mom and Dad impersonation schemes
The mom and Dad scam is a classic social engineering attack that’s extremely easy to orchestrate. It involves fraudsters impersonating a victim's child and asking for money. Unsuspecting parents are deceived into transferring funds into a scammer’s bank account.
How it plays out:
- The target receives a WhatsApp message from an unknown number claiming to be from their child.
- The scammer narrates a convincing tale about a lost or broken phone so as to justify this new number. In other variations of this story, the scammer may claim to have been locked out of their mobile banking app.
- Further, the scammer insists they urgently need money and then sends over bank details for a transfer.
- Once the victim sends the money, the scammer disappears.
What to do: Verify your child's supposed new number. Send a text message or make a phone call to confirm whether they’ve actually lost access to their phone. Also, verbally confirm any bank account details before you initiate a fund transfer.
2. Friend or loved one in need requests
In this scam, fraudsters pose as friends or loved ones of the victim and claim to be in need of immediate help. But what they really want is your six-digit WhatsApp verification code, personal information, or money.
Scammers typically use one of two methods to pull off this scam: (1) They message you from a new number claiming to be your friend. (2) They reach out from a familiar WhatsApp account after hijacking that number.
How it plays out:
- You receive a message from your “friend” or “loved one” out of the blue.
- They claim to be in some dire situation that requires your immediate help, such as being stuck abroad or in jail.
- They ask for money right away, creating a sense of urgency so that you won’t investigate the situation any further.
What to do: If you ever receive texts from friends asking for money, call them to verify their identity. An alternative is to request a voice note from the texter to confirm that the person is who they claim to be.
📚 Related: Can You Stop the Identity Theft of a Deceased Person? →
3. Verification code scams
In a WhatsApp verification code scam, bad actors try to log into your WhatsApp account from their mobile device. They trick you into sending a verification code that gives them access to your WhatsApp.
How it plays out:
- You receive an unexpected message with a verification code from an unknown number.
- The unknown sender will apologize for sending you their WhatsApp verification code. Following this, they will press you to share that code with them.
- With your verification code in hand, they can now take over your WhatsApp account and lock you out.
What to do: WhatsApp sends these verification codes as push notifications when you register your phone number on the app. This could happen if someone mistyped your number or is trying to take over your account.
If you get a text message with an unexpected verification code, delete it. Block any WhatsApp user that asks you to send them a code or PIN. Finally, turn on two-step verification if you receive multiple one-time codes out of the blue.
4. WhatsApp Gold
The WhatsApp Gold scam comes around every few years — warnings about a smishing text with malicious links first appeared in 2016.
In this scam, you receive an invitation to upgrade to WhatsApp Gold, a special edition of the messaging app with new and exciting features — except it’s a hoax. WhatsApp Gold is not a real app, and any alarming “warnings” about WhatsApp Gold are also scams.
How it plays out:
- You receive a message from a phony, official-looking WhatsApp account. It gives you a description of WhatsApp Gold and encourages you to sign up.
- After you click on the download link, the scammer installs malware on your device.
- The scammer can then hack your phone, steal sensitive information, and even message your contacts to try and get them to sign up for the fake WhatsApp Gold app.
- A variation of this scam warns recipients not to open malware-laden videos that are called "Dance of the Pope" or "Martinelli." Eerily similar to chain letters from the past, this scare tactic urges recipients to forward copies to their phone contacts.
What to do: If you receive a message about downloading WhatsApp Gold, delete it immediately. Never forward these messages to other contacts in your phone no matter what the scam text says.
Information security veteran Graham Cluley explains, "There’s no mention of what mobile operating system the malware runs on. There’s no link to the BBC News report which it is claimed warned about the virus [*]."
5. Bogus gift cards and surveys
If you receive unsolicited messages asking you to fill out a survey or claim a gift card, it’s most likely a scam.
These messages intentionally spoof reputable companies like Marks & Spencer, as seen in the example below. However, the goal is to dupe you into sharing personally identifiable information (PII) or downloading malware.
How it plays out:
- You receive a WhatsApp message promising a free gift card. Because the offer is associated with a popular brand, it seems legitimate.
- After clicking on the link, you are redirected to a survey page that asks several personal questions.
- The scammer vanishes with your PII — leaving you facing the risk of identity theft and no gift card whatsoever.
What to do: If you receive a WhatsApp message from a company, confirm that you have signed up for notifications with that company. If not, ignore the message and delete it.
If such offers seem authentic or enticing, check the company’s official website or social media accounts before you click on any promotional links.
📚 Related: The 7 Latest Amazon Scam Calls (and How To Avoid Them) →
6. Lottery scams
A newer WhatsApp scam in the United States involves impersonating Mega Millions to bilk victims [*]. It often happens when the jackpot is high, like in August 2022 when it hit $1.3 billion.
Players and non-players are promised cash prizes in exchange for a fee to claim their prize, which of course, doesn't exist.
How it plays out:
- You unexpectedly receive a message from someone claiming to represent Mega Millions.
- The sender promises you cash and other prizes (like a car) in exchange for a large fee.
What to do: Keep in mind that you will not get a call from a lottery representative if you win. Also, Mega Millions doesn't award prizes worldwide based on phone numbers or email addresses.
Legitimate winners need to have purchased tickets from an American lottery. There are no fees to claim your prize should you win.
📚 Related: How To Stop Call Extended Warranty Call Scams For Good →
7. Crypto romance scams
20% of Americans who have used a dating app in the past five years have encountered someone asking them to invest in cryptocurrency [*]. These heartstring scammers tend to originate from Tinder or other dating apps, and then move to WhatsApp as they build trust with victims.
How it plays out:
- Someone takes an interest in you online, whether on Tinder or Instagram. As they get to know you, they request your number and start messaging you on WhatsApp.
- Scammers seek to eventually impress you with wealth and sophistication, which they attribute to their cryptocurrency successes.
- They promise easy money if you start investing in crypto, and are there to help you make your first investment.
- Every "investment" you make with the scammer goes straight to their wallet. You never get your money back.
What to do: Easy money can be tempting, but remember that it often points to investment fraud. Cryptocurrency transactions — and those via payment apps like PayPal or Zelle — are almost impossible to reverse.
Make sure anyone you meet online is a real person and not an imposter. Do a reverse image search of their profile picture to confirm that they are who they claim to be.
📚 Related: How To Avoid the "Pig Butchering" Scam Costing Victims Millions →
8. QR code scams
This scam starts with a similar message to one you would receive in a lottery scam.
The cybercriminal tells recipients that they won big in a contest. For the contest to “release” your prize money, you need to first make a payment.
After the victim concedes, the fraudster sends them a QR code to scan and transfer money. With bank account information that the victim inadvertently shares, the scammer proceeds to drain their bank account.
How it plays out:
- Cybercriminals send a QR code over WhatsApp. They ask you to scan the code to receive money in your account.
- By scanning and entering a PIN, you give the cybercriminal access to your mobile wallets.
What to do: Scanning a QR code is like clicking on a link. Always verify where the QR code came from before scanning it. Also, know that you don’t need to scan any codes to receive money.
9. WhatsApp tech support scams
The scammers here impersonate members of WhatsApp's tech support team. To make it look like they're legitimate, they add a "verified" symbol to their profile picture.
In the most common scam, impersonators will ask you to verify your identity.
Or, they “help” by asking for credit card numbers, six-digit WhatsApp codes, and other sensitive information.
How it plays out:
- A scammer sends a message posing as a WhatsApp support representative. They ask you to verify your identity with a verification code that comes through as an SMS or Telegram message.
- Once you give them the verification code, they hack your WhatsApp account and access your chats and other personal details.
What to do: There are two main clues to look out for here:
- A verification check mark appears on the sender’s profile picture. Official WhatsApp accounts carry the verified badge next to a contact name and not in the actual avatar.
- An official member of WhatsApp will never message you through the app.
They will also never ask for credit card information or verification codes to supposedly prevent account termination.
📚 Related: Scammed on Zelle? Here's How To Get Your Money Back →
10. Call forwarding scams
A WhatsApp scammer can hijack a victim's account and access messages using a call forwarding trick.
In this scam, a one-time password (OTP) verification code is sent via voice call by using a mobile carrier's automated service to forward calls to another number.
How it plays out:
- You receive a phone call from the scammer. They convince you to call a number starting with a Man Machine Interface (MMI) code. These codes begin with a star or hash prefix (*#) followed by the scammer’s phone number.
- When you dial the code, it activates n call forwarding. The attacker starts the WhatsApp registration process for the account registered with your phone number.
What to do: Don’t pick up calls from unknown numbers on WhatsApp. If you unwittingly initiated a call forwarding request, look for an on-screen pop-up to cancel activation.
📚 Related: What To Do If You Receive a Social Security Scam Call →
To Stay Safe on WhatsApp, Do This
Set up two-factor authentication (2FA)
Two-factor authentication helps to improve the security of any online account, not just your WhatsApp account.
Setting this up ensures an additional layer of protection when you log into an app. A one-time code is sent to your phone, email, or authentication app before you can log into WhatsApp.
Discuss creating a distress password with your family
Consider creating a distress password with your parents or other loved ones to avoid falling victim to an impersonation scam.
You'd use this password to confirm whether an unfamiliar number is coming from someone you know.
By doing this, a parent can respond to a "Hi dad" text by using the distress password or asking a question to trigger the right response.
Question urgent requests for money
Even if the request is from a close friend or family member, you should always question urgent requests for money.
Scammers use urgency tactics so that you won’t investigate the circumstances of the person who is supposedly requesting money.
📚 Related: How To Tell if a Crypto Recovery Service Is a Scam →
Call to confirm
Even if the person messaging you says the number has been disconnected or their phone is broken, call the number you have for them. If you can't reach them on the phone, connect with them directly on social media to confirm before you send any money.
Change the default pin on your voicemail
Many people set their voicemail pins to something simple that they can remember, such as 1111 or 0000. This makes it easy for hackers to access your voicemail and intercept audio verification codes sent to your accounts.
Protect your voicemail with a unique pin that hackers cannot guess. Here’s how to change your voicemail password on iOS, Android, and Windows devices.
Report the contact and scam to WhatsApp
Don't forget to report any suspicious activity to WhatsApp. They can work to shut down these fraudulent accounts and ensure that other users aren’t impacted by similar smishing or phishing scams. To report a number on WhatsApp:
- Open the chat with the user you want to report.
- Tap the contact name.
- Tap Report Contact.
- Finally, tap Report And Block.
It Pays to be Wary on WhatsApp
Apps like WhatsApp offer low-cost ways for scammers to reach billions of targets around the world. A recent data leak, for example, exposed nearly 500 million WhatsApp phone numbers from 84 countries.[*] Armed with such stolen data, bad actors may invent online personas, or hijack existing accounts to recruit “friends” to con more victims.
Seemingly innocuous friend requests may culminate with the inevitable request for money — 9% of all contact methods in such scams occur via WhatsApp [*].
Whether it’s a WhatsApp scammer posing to be your son, or a message about a gift card or giveaway, always approach messages from unknown numbers with caution.
And if you’re worried that you may have fallen victim to a scam, take advantage of Aura’s financial fraud protection and credit monitoring services. Receive near-instant notifications about any suspicious changes to your credit or bank accounts.
