How to identify — and avoid — scams via WhatsApp and SMS
There is a reason why scammers are so fond of scamming via WhatsApp or SMS (the famous smishing): in general, we pay less attention to what we receive on our smartphones. In the rush of daily life, we normally do not pay due attention to messages we receive and we make decisions without thinking, which is precisely what cybercriminals want. After all, lack of attention is one of the crucial factors why social engineering maneuvers work and make victims fall into a trap.
With the new coronavirus pandemic (SARS-Cov2), this type of threat has grown exponentially, especially as citizens have started to use their smartphones much more frequently to carry out banking transactions, to order food in delivery apps, and to keep in touch with their customers, coworkers, family, and friends. According to the Brazilian Federation of Banks (Febraban, in its Brazilian acronym), malicious messages intended to steal user data increased by around 70% in Brazil since the beginning of the pandemic.
Several types of scam are disseminated via WhatsApp and SMS, and therefore it is important to know how to recognize them and avoid these risks.
WhatsApp: a Brazilian favorite
Managed by Facebook, WhatsApp is, without a doubt, a phenomenon in Brazil. It's hard to find anyone who owns a smartphone and doesn't have this app installed — after all, it was the one of the first in the instant messenger industry for mobile devices. However, it is essential to be aware of scams created for this application, including cloning and account hijacking. In the first case, a criminal uses your photo and your name to approach people close to you (under the pretext of “I changed my number”) and begins to extort your acquaintances by asking for loans that will never be returned.
In profile hijacking, the criminal usually employs social engineering skills to try to convince you to enter the verification code sent to your smartphone via text messages. The criminal may impersonate a researcher from some famous institute, claiming that this code is necessary to validate a study; an employee of your bank, telling you that you need to provide this information in order not to have your account blocked; or even a restaurant representative saying that confirmation of the code will entitle you to a free meal.
While not exactly a scam, WhatsApp is also becoming a place for the dissemination of false news and malicious message chains. Some examples include the classic message that some famous brand is distributing products for free or that a certain company has an absurd amount of job openings. In the end, when you click on the link and carry out the procedures, you will probably provide your personal data and end up in a blog full of advertisements.
SMS: old, but gold
There are still those who use SMS as their main form of communication. Regardless of the nomenclature, SMS messages, despite being old, are still widely used by criminals to devise scams. Be the first to cast a stone anyone who has never received a message stating that a certain prize was won or a credit card limit was pre-approved in your name, followed by a clearly suspicious link. And that's not counting the scams that exploit affiliate programs and so on and so forth…
Again, there is a reason why this kind of trap remains so effective: in general, people don't think much of receiving an SMS message, especially if they are on the move. It's a quick means of communication, so most victims fall prey to their first impulse of “got it and click on it”. Because of this, even if the pattern is old, it is still highly profitable for cybercriminals.
How can you protect yourself?
Never inform the codes you receive via SMS to anyone. Also, be wary of that friend of yours asking for money out of the blue — call him and confirm whether the request is genuine. In addition, don't believe in miraculous promotions and don't pass them on either, as you'll only be helping criminals reach even more people. Warn the contact through whom you received the link about the scam.
The same goes for SMS messages: be wary of messages that are supposed to be from your bank or offers that are too good to be true. In fact, serious companies use specific numbers for marketing via SMS, ranging from three to five numbers. So, if you receive a text message from the bank using a traditional number (with nine digits), it is a red flag.