Online safety is increasingly important, even for popular platforms like WhatsApp. With over 2 billion users worldwide, WhatsApp has become a favourite target for fraudsters and tactics have become more ingenious and effective than ever.
The majority of users are vulnerable when online, making it an irresistible platform for scammers. Cybersecurity experts from VPN Overview have compiled their top tips on how to recognise WhatsApp scams and how to prevent them:
What is WhatsApp fraud (friend or family emergency scam)?
WhatsApp fraud is a form of fraud in which cybercriminals pretend to be a victim’s acquaintance and then ask them for money. Currently, most of those criminals pose as a friend or family member and ask for financial help because “they urgently have to pay a (high) bill” or “they have an emergency and urgently need some money”.
Usually, the perpetrators pretend to be in a hurry, most likely to entice their victims to take immediate action. That is why this type of fraud is also referred to as a friend or family emergency scam. Sadly, on average victims loose thousands of dollars to WhatsApp scams. Age also seems to be a factor, with most of the victims being over 50 years old.
In most cases the phone number used by the criminal to commit WhatsApp fraud is unknown to the victim, yet the attached profile picture is familiar. Consequently, the victim thinks that he or she is indeed communicating with a friend or family member.
However, criminals can easily copy a photo from other social media platforms, such as Facebook or Instagram. The same applies to other information that can be used to mislead the victim. Like the vocabulary an individual may use, or certain events the individual may have posted about online (“Should’ve asked you for help when we were in that bar yesterday…”).
What are the tell-tale signs of WhatsApp scams?
Scammer creates a sense of urgency and pressures you to pay quickly.
Scammer contacts you from an unknown number.
Scammer informs about a number change and quickly talks about money.
Poor English is used in their messages.
Scammer does not want to be called.
Scammer asks for money to be transferred to an unknown account or uses an app that hides account numbers.
Tips to prevent WhatsApp fraud
Check if the number is correct if someone asks for money.
Check the language and communication style of the message.
Call the number or contact the person in a different way to verify the story.
Do not let the fraudster pressure you; think logically.
Ask the scammer a question only your friend or acquaintance would know the answer to if suspicious.
Secure voicemail with a personal code.
Never send a verification code without questioning.
Set up “2-Factor Authentication” on WhatsApp.
Remember that the tips provided above are not only important to protect yourself. If criminals manage to hijack your WhatsApp account, they can easily scam your contacts and possibly take over the accounts of your friends and family as well.
I’ve been a victim of WhatsApp fraud, what can I do?
If you have been a victim of WhatsApp fraud, it is important to remain calm and report the incident to your bank and the police.
Depending on the circumstances, it may be possible to reverse the payment, but individuals must act quickly. Wire transfers are harder to recover, and online payment services or apps can complicate the process.
Even if a refund is not issued, the bank will investigate the fraud claim to protect customers and prevent future fraud. Reporting scams to WhatsApp and AnyScam is also recommended, and national help groups for victims of fraud can assist individuals in dealing with the process and preventing future fraud.
The Charity Commission is warning charities against the risk of online fraud, as a new survey found around one in eight charities (12%) had experienced cybercrime in the previous 12 months.
This follows earlier findings indicating that the pandemic prompted increasing numbers of charities to move to digital fundraising and operating, exposing them to the risk of cybercrime.
Most concerningly, the survey highlighted a potential lack of awareness of the risks facing charities online, with just over 24% having a formal policy in place to manage the risk. Similarly, only around half (55%) of charities reported that cyber security was a fairly or very high priority in their organisation.
The warning comes ahead of Charity Fraud Awareness Week, which begins tomorrow on 17th October 2022. The campaign raises awareness of fraud and cybercrime and brings the charity sector together to share knowledge, expertise and good practice.
It is run by the Charity Commission and the Fraud Advisory Panel and a partnership of charities, NGOs, regulators, law enforcers, and other not-for-profit stakeholders.
The Charity Commission’s new survey explored charities’ experiences of online cyber-attack. It found that over half of charities (51%) held electronic records on their customers, while 37% enabled people to donate online.
A greater digital footprint increases a charity’s vulnerability.
The most common types of attacks experienced were phishing and impersonation (where others impersonate the organization in emails or online). For both attacks personal data is often at risk.
There are lots of simple steps that can be taken to protect against cyber harms including changing passwords regularly, using strong passwords and two factor authentication, updating training and policies, making back-ups of your data using the cloud and making sure antivirus and all other software is patched to the latest version.
Many useful tools and resources will be available to help charities reduce their vulnerability to these crimes throughout Charity Fraud Awareness Week.
The survey also confirmed that there is an under-reporting of incidents when they do occur, with only a third (34%) of affected charities reporting breaches. It’s important that charities get in touch with the Commission where there has been a serious incident, even where there may be no regulatory role for the Commission. This helps the regulator to identify trends and patterns and help prevent others from falling victim to fraud.
Amie McWilliam-Reynolds, Assistant Director Intelligence and Tasking, from the Charity Commission said: “Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations.
“This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated. But online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk, and are therefore exposing their charity to potential fraud.
“We hope that projects like Charity Fraud Awareness Week help raise awareness among trustees and charity staff of the risks they may face, and of the advice and guidance available to support them in protecting their charity from fraud.
“Preventing and tackling fraud is not a ‘nice to have’. It is vital that every penny given to charity makes a positive difference, especially during these straitened times, when donors, charities, and those they support face mounting financial pressures.
Sir David Green CB KC from the Fraud Advisory Panel said: “Fraud is the UK’s most commonly experienced crime and much of it is committed online. Therefore, it is essential that charities take the security of their systems, information, people and money seriously.
“Simple cyber security measures can make a big difference which is why we’ve collaborated with UK police forces to offer a series of free cyber-security focussed events during this year’s awareness week.”
Charity Fraud Awareness Week 2022 will feature online events, talks and useful advice from anti-fraud experts, designed to help the third sector and charitable organisations tackle the problem of fraud and cybercrime.
Beware of scams when looking for love online, especially if someone quickly declares strong feelings for you.
Take a moment to #Stop and #Challenge whether the person is who they say they are by reverse image searching their profile picture (possible on the search bar of some image searching engines).
In the first half of 2021 alone, over £15 million was lost to romance scams. Ahead of Valentine’s Day, Take Five to Stop Fraud and the Online Dating Association share how to spot the warning signs and keep your savings – as well your heart – safe.
TRUE LOVE OR FAKE PROFILE?
Criminals use information found on social media to create fake identities to target people with scams. They go to great lengths to build fake profiles, often stealing photos. Once fraudsters connect with you on dating sites, social media or gaming platforms, they’ll try to establish a relationship quickly. Many use the promise of buying a house together or getting married to trick you into falling in love with them.
Want to know how to spot a fake profile? Do your research first. You can check if the person you’re talking to is really who they say they are by reverse image searching their profile picture (possible on the search bar of some image search engines).
‘MONEY’ AT FIRST SIGHT?
After gaining your trust and convincing you that you’re in a genuine relationship, criminals then try and persuade you to send them money. Online daters should be aware of the actions fraudsters will use to manipulate them into parting with their money as unfortunately this is becoming more common. 38% of people who dated someone they met online said they were asked for money -. The average amount of money people were asked for was £345, although some were asked for more than £1,000.
Of those that were asked to give or lend money by someone they met online, over half (57 per cent) did so – putting them at risk of falling for a romance scam.
The three most common reasons people were asked for money were:
Claiming they need money for an emergency (37%)
To cover transport costs to visit you if they’re overseas (36%)
To help them make an investment (29%)
HOW TO PROTECT YOUR MONEY
If you’re ever asked for cash from someone you’ve never met in person then alarm bells should start ringing – it could be a scam.Ahead of Valentine’s Day, the Take Five to Stop Fraud campaign and the Online Dating Association is advising people how to stay safe from romance scams when dating online:
Be suspicious of any requests for money from someone you have never met in person, particularly if you have only recently met online.
Speak to your family or friends to get advice and share experiences. Friends and family can watch for any change in behaviour.
Profile photos may not be genuine, so you should make sure to do your research first. You can do this by uploading a picture of the person you’re talking to into your search engine to check that profile photos are not associated with another name. Performing a reverse image search can find photos that have been taken from somewhere, or someone, else.
Stay on the dating sites messaging service until you’re confident the person is who they say they are and ensure meetings in person take place in a public place. Online dating platforms have moderation and reporting processes in place to protect daters and remove scammers.
Contact your bank straight away if you think you may have fallen for a romance scam, notify Action Fraud and let the platform on which you met the scammer know about the incident
DODGY DATE?
Criminals are heartlessly targeting people online to trick them into handing over their money as a sign of love.
Stop, and take the time to think about the person behind the profile, get to know your date, and don’t send money to someone you’ve only met online.
Here’s some warning signs to watch out for that your date could be a scammer:
You’ve met someone online and they declare strong feelings for you after a few conversations
They suggest moving the conversation away from the dating website or social media to a more private channel such as email, phone or instant messaging
Their profile on the internet dating website or their social media page isn’t consistent with what they tell you
There are spelling and grammar mistakes, inconsistencies in their stories and they make claims such as their camera isn’t working
They refuse to video call/meet you in person
They get angry or try and rush you if you insist on staying on the dating site or ask to meet face to face.
Photos generally tend to be stolen from other people: check by doing a reverse image search and uploading a picture of the person you’re talking to into your search engine
You’re asked to send money to someone you have not met face-to-face, either through bank/money transfer or through the purchase of gift cards or presents such as phones and laptops. You may even be asked to provide them with access to your bank account or card
Upon questioning your friend or family member, they may become very secretive about their relationship or provide excuses for why their online partner has not video called or met them in person. They might become hostile or angry, and withdraw from conversation when you ask any questions about their partner
For more advice on how to stay safe from scams, visit the Take Five to Stop Fraud website and the Online Dating Association set of resources.
A coalition of organisations championing consumers, and representing civil society and business, have today joined forces to warn that the UK risks failing in its ambition to be the safest place in the world to be online unless it uses new laws to protect people from an avalanche of online scams.
In a joint letter to the Home Secretary and Digital Secretary, 17 organisations have urged the government to include online scams in its proposed Online Safety Bill – which could be announced in next week’s Queen’s Speech – so that consumers are better protected against the devastating financial and emotional harm caused by these crimes.
The organisations that have signed the letter include Which?, the Money and Mental Health Policy Institute, Carnegie UK Trust, UK Finance, the Personal Investment Management and Financial Advice Association (PIMFA), the City of London Corporation, City of London Police, The Investment Association, Association of British Insurers (ABI), MoneySavingExpert and Age UK.
From using social media to stay in touch with friends and family to using search engines to research potential investments at a time of record-low interest rates – the coronavirus crisis has meant people are spending more time online than ever before.
However, scams have escalated in the past 12 months, with Action Fraud figures showing that £1.7 billion was reportedly lost to scams in the last year. Many criminals have shifted their activity online. Action Fraud estimates that in the year to June 2020, 85% of all fraud was cyber-enabled.
The actual financial losses are likely to be much higher and do not capture the devastating emotional impact on victims. Research also shows that vulnerable people, including those experiencing mental health problems, are more at risk of falling victim to these crimes online.
In their letter, the organisations write: “Online platforms play a pivotal role in enabling criminals to reach and defraud internet users through the hosting, promotion and targeting of fake and fraudulent content on their sites, including adverts that they make significant profits from.
“Yet platforms have very little legal responsibility for protecting their users, despite often being the best placed to tackle harmful content.
“While we recognise there are initiatives being progressed by the Government designed to tackle aspects of online fraud, there is a growing risk that current plans for future regulatory frameworks are not taking a comprehensive approach to the threats faced by consumers and do not reflect the extent or urgency of the problem.”
UK Finance figures show a 32 per cent increase in investment scam cases in 2020, which are often promoted through adverts on search engines and social media offering higher than average returns.
One victim of such a scam was Maria Teresa Jackson, 63, a teacher. Ms Jackson was tricked by an advert she saw on a social media site, featuring a fake news story with fabricated quotes from celebrity adventurer Bear Grylls, who supposedly told how he had become a millionaire by trading in Bitcoin.
She clicked the button and put in her details and soon received a phone call from a “financial advisor” who showed her around a professional looking website, and was very knowledgeable about trading. Over time she was persuaded to transfer increasing amounts of money to the scammer.
It later became clear that the Bitcoin did not exist. Scammers stole nearly £120,000 and First Direct, her bank, has so far refunded her half that amount.
She said: “I felt completely sick. I’m overall better now but often I get flashbacks of certain events and that upsets me a lot. I usually get them at night when I’m in bed and when that happens, it sets the tone for a bad night’s sleep.”
A spokesperson for First Direct said:“We would like to offer our sincerest sympathies to Ms Jackson, and fully appreciate how the situation has impacted her. Sadly, there are unscrupulous individuals who carry out criminal activities without any regard for the effect this will have on their victims.
“Although we believe Ms Jackson could have exercised more caution and carried out further checks before making the payments, we could also have offered more effective fraud warnings. So on that basis we’ve refunded 50% of the payments made.”
A wide-ranging consensus has emerged across industry, regulators and consumer groups on the urgent need for action to tackle scams and the critical role that online platforms must take in doing more to protect their users.
The coalition of groups is calling for online platforms to be given a legal responsibility to protect users from fake and fraudulent content on their sites that lead to scams. The government now has a perfect opportunity to deliver this in its proposed Online Safety Bill, which could be announced as part of next week’s Queen’s Speech on 11 May.
Anabel Hoult, CEO of Which?, said: “The biggest online platforms have some of the most sophisticated technology in the world, yet they are failing to use it to protect scam victims who are suffering devastating financial and emotional harm due to the flood of fake and fraudulent content posted online by criminals.
“The time for self-regulation is over, as clearly it has not worked. The case for including scams in the Online Safety Bill is overwhelming and the government must take the opportunity to act now. Online platforms must be given a legal responsibility to prevent, identify and remove fake and fraudulent content on their sites so that their users are better protected.”
Martin Lewis, Founder of the Money and Mental Health Policy Institute and MoneySavingExpert.com, said:“It beggars belief that the government’s Online Safety Bill could ignore the epidemic of scams that the UK faces – but that’s the plan. Scams don’t just steal people’s money, they can take their self-respect too and those with mental health problems are three times more likely to be affected.
“The policing of scams is critically underfunded, leaving criminals to get away with these frauds with impunity. The government has a chance to at least deny them the ‘oxygen of publicity’ by making big tech responsible for the scammers adverts it is paid to publish.
“I plead on bended knee for the government to take that opportunity, by putting scams in the Online Safety Bill. Failing to do so will betray its promise to create world-leading online protection and will leave vulnerable people defenceless against online crime in the midst of a global pandemic.”
David Postings, Chief Executive at UK Finance, said: “Fraud has a devastating emotional impact on victims and even when the victim is reimbursed, the stolen cash is used to fund serious organised crimes which damage our society, including terrorism, drug trafficking, and child sexual exploitation.
“The banking and finance industry is tackling fraud on all fronts, but we can’t do it alone. We need other industries including the online platforms exploited by criminals to join the fight and take responsibility for criminal activity that is happening on their doorstep.
It’s not right that online giants are effectively profiting twice – once from criminals marketing scams on their platforms and again from organisations having to advertise fraud warnings to consumers.
“We are strongly calling on the government to take a major step forward by including economic crime in the upcoming Online Safety Bill and helping ensure tech giants take responsibility for their part in protecting consumers from the scourge of online fraud.”
William Perrin, Trustee at Carnegie UK Trust, said:“Our work at Carnegie UK Trust has set out the case for a systemic, statutory duty of care that would make online platforms take responsibility for the design and processes of their services to reduce online harm.
“This new research underlines the urgent need for action to protect consumers from harms such as online fraud and scams – and the Online Safety Bill is the way to do it. Both the City of London Police and the National Economic Crime Centre have told Parliament that their current powers are not enough to limit the spread of online fraud and scams.
“It is vital that the Government reconsider their inclusion in the Online Safety Bill.”
Liz Field, Chief Executive of PIMFA, commented:“The financial services industry has along with our partners been calling for financial harm to be included in the Online Safety Bill for some time.
“It is now vital that the Government takes action to provide better protection for consumers online by ensuring online search and social media firms take greater responsibility for what we, their customers, see on their platforms.
“The Online Safety Bill could provide a clear legal framework that would protect consumers from ever more sophisticated online fraud, largely perpetrated by organised criminals. PIMFA and our partners in this campaign continue to urge the Government to include financial harm in the Online Safety Bill.
“Doing so would save thousands of victims suffering enormous financial and mental distress and would be one of the best possible ways to disrupt organised crime.”
Scots expect to lose a staggering £42.6million to online fraud, with 13% of Scots expecting to become a financial victim losing an average of £600
Although 13% of Scots expect to lose money to online fraud in the future, the average they expect to lose is the lowest in the entire UK at just £600, compared to the UK average of £1,574.
Over half of Scots (54%) admit to using easy to guess personal information in their secure online passwords, with 14% using their birthday, and almost one in five (18%) admitting to including their pet’s name.
Scots should ‘paws for thought’ with one in five admitting to using their beloved pet’s name as their supposedly secure passwords.
Two thirds (66%) of Scots confess to sharing personal information, passwords and memorable words publicly on social media, without realising the risk they put themselves at.
Scots are amongst the most security conscious in the UK, with 59% saying they would change their password after a single breach had been detected, compared to a UK average of just 53%
With a first-to-market personalised security score, Protect Plus Cover and access to a dedicated fraud support manager if you do become a victim of fraud, ClearScore Protect Plus offers peace of mind, helping you to get ahead of fraudsters and stay ahead.
With Covid-19 restrictions beginning to ease and life beginning to feel a little more normal, fraudsters are preparing to take advantage as Britons begin planning to spend more freely in a post-lockdown era.
With the Bank of England governor Andrew Bailey predicting a post-covid spending binge, 65% of people have said that they are waiting for the Covid-19 crisis to ease before making big spending commitments.
Whilst planning their post-covid purchases, it seems people are also preparing to become the victim of an expected surge in online identity theft, with the average Brit expecting to lose an astonishing £1,574 to online fraud. With 15% anticipating losing money in the future, online fraud is predicted to cost the UK £15.7billion.
However, in spite of the large numbers of people who believe they’ll be a future victim of fraud, there is a disconnect between expectation and reality. Whilst the majority (53%) believe that they would change their password after one security breach being detected, internal data from ClearScore demonstrates that in reality, a staggering 94% of people take no action after a password breach has been flagged.
Worryingly, over half of people (55%) admit to using easy-to-guess personal information in their supposedly secure online passwords, with one in ten including their name, 9% their children’s name, 12% their birthday, and 17% including pet’s names in passwords.
With such a high proportion admitting to using easy-to-remember, but less secure, personal information in their online passwords, a staggering two-thirds (66%) confess to posting their secure personal information, including passwords and memorable words publicly on social media. Combined, these two traits make Brits a hacker’s dream.
ClearScore Protect Plus provides round-the-clock identity protection, using advanced web scanning to find breaches of your personal data on the dark web and beyond. Searching for instances where passwords, email addresses, phone numbers and your date of birth might have been shared by fraudsters.
With daily credit report monitoring, users will receive instant alerts both when personal information or a password breach is detected, along with any upcoming changes to a credit report, so unexpected activity can be checked and verified instantly.
ClearScore Protect Plus features include:
Dark web scanning for passwords, breaches and personal information
Deep web scanning passwords, breaches and personal information including phone numbers, home addresses and date of birth
Credit report alerts in case of any unexpected activity on your report
Security tips and tailored actions in the event of a breach being detected
Personalised first-to-market security score out of 1000 to help you understand your personal risk of identity fraud
Dedicated fraud case manager to help you get back on track step-by-step if you ever do become the victim of fraud
Protect Plus Cover including access to a specialist team who’ll help replace lost or stolen cards on your behalf, up to £200 towards replacing a stolen passport or driving license, and expert help to resolve cybersecurity issues
Credit freezing as standard if you believe you’ve been the victim of fraud, meaning anyone taking credit out in your name must provide extra documentation (such as a passports or driving licence)
CEO and Co-founder of ClearScore, Justin Basini says, “Since launching ClearScore Protect in April 2020, we have helped over 2.6million people protect themselves from online fraud.
“The launch of ClearScore Protect Plus supercharges that level of protection, providing people with a complete round-the-clock support package, from identification of instances of fraud, to supporting you in improving your online security, to helping you deal with the fallout of any instances of password breaches or identity fraud.
“Having fallen victim to identity theft myself, I understand how it can impact a person’s financial and mental well-being, and ClearScore Protect Plus is here to give personal and tailored support to ensure your online security is protected, always.”
ClearScore Protect Plus costs £4.99 a month (or £49.99 a year).
For more information on ClearScore Protect Plus visit:
The dark web has 10 billion open records available to scammers
Hooking up with a person online, having a lot of things in common, and sharing the same dreams sounds exhilarating, especially for a lonely person aged 40 to 69.
Sadly, the scenario might not be the result of Cupid’s carefully aimed arrow, but a methodologically plotted romance scam — a long-term plan to take advantage of someone who is prepared to give everything away just to see their beloved.
How do scammers find their victims?
Just like businesses analyze consumer behavior to base their decisions on data, scammers analyze stolen identity records to find patterns of loneliness.
According to NordPass’s research, the web is swirling with exposed databases. Recently, researchers have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers. This data can be picked up by scammers whenever they like.
“Behind every single leaked record on the dark web is a person. The number of records suggests that some people’s data has been leaked from multiple sources. This allows scammers to build a comprehensive picture of a person. The fishnet gets tighter if the source of data is a dating site, app, or platform,” says Daniel Markuson, a digital privacy expert at NordVPN.
Financial loss is upsetting, but emotional pain is even harder to deal with. Moreover, when victims are entangled in their romance, they get blindsided and even distance themselves from their friends and family to prevent their “relationship” from being challenged or intervened. Multiple studies also show that victims of romance scams usually remain silent.
Red flags
Scammers first approach their victims with emails full of flattery.
Below is an example received from a woman whose data was leaked from LinkedIn in May 2016. She was contacted by the scammer only in May 2020:
“Your beauty and your charming smile caught my eyes, it will be a great honor to know more about you, I am very interested in communicating more <…>.”
Scammers usually pretend they can’t meet because of their occupation: they say they are doctors working for international organizations, soldiers, or businessmen trapped in a hostile country. Some sad stories involve women losing $200,000 and still thinking they are loved.
In 2019, 200 million US dollars was spent on romance scams, which is almost 40% more than in 2018. The same year, more than 25,000 reports were filed with the FTC regarding romance scams. Moreover, the topic of romance scams is among the most visited on FraudSupport.org.
NordVPN’s digital privacy expert Daniel Markuson warns: “Even if you or your relatives seem to be scam resistant, establishing a protected internet browsing infrastructure is a good precaution.”
Quick scam-proofing algorithm:
Check if the email address you are using has been leaked. If it has, change the password immediately. Create a new email address unrelated to the compromised one.
Set your VPN settings to “always on”. That way, it will establish a secure connection every time you go online. This will help protect you from malware and fraudsters.
Be more cautious with new people who contact you. Scammers tend to first express their fascination with the targeted person and later ask them for money to pay for a plane ticket, cover medical expenses, help to solve life-threatening debts, or cover expenses on a visa and other official travel documents.
ABOUT NORDVPN
NordVPN is the world’s most advanced VPN service provider that is more security-oriented than most VPN services. It offers double VPN encryption, malware blocking, and Onion Over VPN.
The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy. For more information: nordvpn.com.
