WhatsApp remains the top free app on Android and iOS in South Africa, and when Facebook last reported the messaging app’s user base at the end of January, it was at 1.5 billion monthly active users.
The widespread adoption of the platform as a replacement for SMS, in South Africa and around the world, makes it an attractive place for con-artists to try and scam people.
With the greater integration of business functionality—including banking services from institutions like Absa—WhatsApp will continue to draw the attention of scammers.
The messaging platform has taken steps to help WhatsApp users protect themselves from scams, and to ensure their conversations are private.
In addition to end-to-end encryption, WhatsApp has indicators that are meant to help you know that you are speaking to who you think they are. This is what they look like.
WhatsApp Business account verification
When you first start a conversation with a business account on WhatsApp, it displays a notice in a yellow box to help verify that you are chatting to who you think you are. For Absa, it appears in the following format:
“Messages to this chat and calls are now secured with end-to-end encryption. Absa may use another company to store, read and respond to your messages and calls. Tap for more info.”
If a scammer contacts you claiming to be from a business, and this message does not appear at the top of the chat, they should be treated with suspicion.
“This message cannot be faked by a scammer as it is generated by WhatsApp,” Absa said.
Similar to the message used to verify the authenticity of a business account, WhatsApp uses a system of unique security codes for all chats on the platform.
These codes help you ensure that your chats are encrypted, and that you are speaking to the person you think it is. They are part of the end-to-end encryption scheme WhatsApp uses—a system called Signal Protocol, by Open Whisper Systems.
“Each of your chats has its own security code used to verify that your calls and the messages you send to that chat are end-to-end encrypted,” WhatsApp explains.
“This code can be found in the contact info screen, both as a QR code and a 60-digit number. These codes are unique to each chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted.”
You may also see notifications that someone’s security code has changed.
“This is likely because you or your contact reinstalled WhatsApp or changed phones,” WhatsApp said.
However, there are scams where con artists take control of people’s WhatsApp accounts through a social engineering attack, and try to trick their contacts into buying fake goods or services.
It is therefore recommended that you verify the identity of a contact if their security code has recently changed, and you need to exchange private information with them.
To enable notifications for security code changes, launch WhatsApp and go to Settings > Account > Security. Then tap on “Show Security Notifications.”
As mentioned above, there have been reports of cons on WhatsApp where scammers take control of people’s accounts.
Thus far, the reports appear to have come mainly from East and Southeast Asia, but there is nothing about the attack to suggest that it is region-specific.
The scam works by con artists pretending to be one of your friends, then persuading you to send them an SMS verification code that is sent to you by WhatsApp while chatting with them.
This is the verification code WhatsApp uses when setting up on a phone for the first time.
Essentially, the scammers are tricking WhatsApp into thinking that you have moved to a different device, and end up taking control of your account.
Authorities have said that this attack is easily defeated by setting up two-step verification for your WhatsApp account.
WhatsApp will ask you to type in a secret code in addition to the standard SMS verification code whenever you set up the app on a new device.
To configure two-step verification, launch WhatsApp and go to Settings > Account > Two-step verification, and tap “Enable.”
If it’s too good to be true, it usually is
As with any other widely used online communication medium, scammers will try anything to try and trick people out of their money.
Most recently, swindlers have targeted South Africans through WhatsApp in “sextortion” scams.
Private investigator Mike Bolhuis said that the extortion begins with amounts of between R500 and R1,500, but can escalate quickly.
One Johannesburg businessman paid over R170,000 to keep explicit photos of himself from being posted online.
Bolhuis said that in most cases, the blackmailers are men who use a woman’s photos without their knowledge.
What to do with spam, hoaxes, and scams
WhatsApp advises that users should watch out for the following types of messages – those which:
- Include bad spelling or grammar
- Ask you to tap on a link
- Ask you to share your personal information
- Ask you to forward the message
- Say that you have to pay to use WhatsApp