WhatsApp scams: how to protect yourself and what to do if you are a victim

If an offer that seems too good to be true has arrived on your WhatsApp, email, SMS or any other digital channel, be suspicious. Even if the supposed advantage offered came from a friend or relative, it is always worth keeping in mind that this person may have been hacked, and on the other side of the screen is, in fact, a scammer.

A 2020 survey by the digital security company PSafe estimated that, in October alone, 453,000 people had their WhatsApp cloned or had their account spoofed — an average of 15,000 victims per day.

New mechanisms to circumvent digital security and trick users are often developed by criminals, but most scams follow a pattern. “They are made from an access granted inadvertently by the victim, through clicking on a link, for example, or even through browsing dubious websites or applications”, points out Gustavo Fiuza Quedevez, a data privacy and technology specialist at BVA Lawyers office.

In the expert’s opinion, anyone is subject to being deceived, but those who are not familiar with the applications may be an easier target.

Learn about some of the most common scam mechanisms below and understand what you can do if you fall into one of them.

1. Money Redemption Promise

In the last week, the launch of the BC (Central Bank) system that allows the consultation of money values ​​forgotten in banks and other financial institutions was used for scam attempts with false links that promise the consultation of the balance and even the advance withdrawal.

When the user clicks and enters their data, the information goes straight to the criminals. In addition, the links can install viruses directly on the device.

How to avoid this scam

The Central Bank itself distributed some tips:

• The website for consulting forgotten money and requesting amounts is valorareceber.bcb.gov.br and no other website should be used;
• BC does not send links and does not contact you to discuss amounts receivable or to confirm your personal data;
• The person should not make any kind of payment to access the values ​​and should not click on suspicious links;
• Only after accessing the system and only in the case of requesting the redemption without indicating a Pix key for the transfer can there be any contact from the financial institution to deal with the transfer of the amounts. There is no charge for the citizen.

“Criminals often create fake links when a new service is launched, as in the case of ransom. In these cases, people should check official websites (in the example, the Central Bank), where all the procedures to be adopted will be defined. It is also worth checking the number or the email address that ‘sent’ the email. free email sending platforms, using the name of the entity linked to the scam, such as ‘[email protected]'”, indicates Quedevez.

I fell for a scam and transferred money to the criminal. And now?

If the transfer of funds has taken place, it is important to file the incident report as soon as possible and immediately notify the financial institution, both the origin and destination, if different.

The bank account details and the telephone number of the origin of the scam contribute to investigations that can be initiated from the formal complaint. “Of course, the possibility that the criminal is using a CPF that does not belong to him and a fraudulent current account must be considered, but even so, for the denunciation, any and all data may be relevant and deserve to be reported, since such information associated with other equally relevant and object of complaints made by other victims can contribute to the identification of the crime and the scammer”, instructs the lawyer Alessandra Borelli, CEO of Opice Blum Academy, a company specialized in knowledge in digital law and data protection.

Capitals and large cities usually have police stations specializing in digital crimes, which have more tools and expertise to deal with this type of scam. “Regardless of this, as criminals operate throughout the country, the victim should always seek the local police authority”, says Gustavo Fiuza Quedevez.

In addition to the incident report, the report can also be made directly to the email ‘[email protected]’. The more information to demonstrate the strategy used for the coup and possible identification of authorship, the better.

2. WhatsApp cloned

To clone the WhatsApp account, the scammer impersonates a company known to the user, such as very popular retail sites or with an opportunity — for an event or work, for example — that is interesting to the victim.

In the call or message exchange, the criminal sends a request to the victim’s cell phone number and then asks for the six-digit WhatsApp code that appears on the screen, which allows them to enable the account on another cell phone and get started. receiving messages from the victim’s contacts. Thus, the victim’s WhatsApp is cloned and the scammer gains access to his contact list, from whom he normally requests money.

How to avoid this scam and what to do if you have been a victim

In addition to creating the aforementioned distrust, the user must use the two-step confirmation on WhatsApp (which works like a password), in addition to looking for an antivirus recognized in the market.

“Although they do not completely eliminate the possibility of a scam, the actions reduce the risk. In addition, it is never too much to indicate that the user must change their passwords periodically, avoiding the use of numbers linked to predictable dates, such as birthday, wedding date or mobile number”, says the lawyer of the BVA office.

If the user still suffered the blow, the strategy, points out the expert, should involve containing immediate damage, such as informing banks, blocking cards and changing passwords for email and platforms that contain personal and financial data. “Registration with the police authority must follow.”

3. Fake accounts

Using fake accounts to trick contacts is another type of scam that has become quite popular in the last year. The criminal creates a WhatsApp account with a new number and registers as if he were the victim, copying his name, profile picture and status. Afterwards, he contacts family members claiming to have “changed his number” and asking to borrow money, usually for situations with supposed urgency.

What to do if a fake version of your account has been created

“Inform your network of contacts as soon as possible that it is not you, file a report and contact the telephone operator to report that that particular number is being used for criminal practices. access to photos to third parties. Some applications, such as WhatsApp, offer the option to limit access to your (profile) photo to your contacts”, warns Quedevez.

Applying virtual scams can result in arrest?

According to Law 14.155/21, the practice of fraud, embezzlement, invasion of devices with the aim of stealing, erasing or altering data in digital media, including scams via WhatsApp, can result in a sentence of four to eight years of imprisonment. prison.

“For crimes of embezzlement, the law makes qualified theft by electronic means aggravating, which can result in a prison sentence of 4 to 8 years and a fine. The penalty is also increased by one to two thirds if the crime is committed by means of use of a server outside the country and a third to double if practiced against the elderly or vulnerable”, explains lawyer Alessandra Borelli.

4. Spy apps

WhatsApp can also be cloned by spyware, spy apps that allow a hacker — or even someone close to the victim — to monitor activities on their cell phone.

Thus, the criminal is able to keep an eye on the victim and has access to their personal data, including banking information and WhatsApp verification code.

To protect yourself, the recommendation is not to download apps that promise earnings (financial or social media followers), or functions that don’t exist (to know who visited your Instagram profile, for example).

5. Chip theft

To apply the scam, the criminal calls the operator pretending to be the person responsible for the account, claiming that the cell phone was stolen, and asks for the registration of a new chip. If the operator is deceived, the old number is registered on the new chip, giving the scammer access to the person’s groups and contact list on WhatsApp. When the new chip is activated, the original is blocked.

Is it possible to avoid this blow? What to do if you’ve been a victim?

In this case, the criminal acts without any interaction with the victim, so it is only possible to control the damage, according to experts.

“The person must contact the operator, formalize a report and contact the companies with which purchases were made (if any) so that the registration is blocked, still seeking reimbursements and indemnities before the judiciary”, says Gustavo Quedevez.