WhatsApp is one of the most popular communication platforms in the world, but a large number of active users make it a rich hunting ground for cybercriminals.
According to Stephen Osler, Co-Founder and Business Development Director at Nclose, it is crucial that users are aware of the risks that come with working on the platform.
“The biggest challenge with WhatsApp safety is ensuring that the person you’re interacting with is real, that they are who they say they are,” Osler said.
“There has been a radical increase in WhatsApp spam and scams over the course of this year, and these are only growing more prevalent as cybercriminals take advantage of people in search of a good deal, or hunting for a new job. They prey on people who are distracted, tired and stressed.”
Although WhatsApp has several security features to minimise risk – such as end-to-end encryption, two-step verification, user reporting and blocking, and biometric lock and unlock, the system is not foolproof and cannot always protect against user error, which means that some successful scams and threats can put users at risk.
“Hackers are always going to be looking for smart ways of enticing individuals and taking advantage of them, and it’s really important to be wary of them. One such attack is using WhatsApp to impersonate a member of staff or one of the executives in a company,” Osler said.
“The hackers communicate with an employee and ask them to buy vouchers or pay a bill or send money while pretending to be the CEO or a manager. The employee then does as they’re told because they think they’re talking to their boss.”
Business account scams
Business account scams are also increasing, where fake business accounts impersonate real businesses to try and con people out of their money.
The best way to see if a business account is legitimate is to see if it has a grey question mark, as this means that it has not been verified y the platform.
Scammers may also use social engineering to get personal information from a user. The scammer will pretend to be a wrong number and try to get personal information off the user to hack their accounts or business.
Other scamming methods include: a scammer messaging a mother or father and convincing them to send money to an unknown number that claims to be their child who lost their phone, fake links that ask for personal information, and hijacking – where fraudsters use someone else’s phone.
Osler said that there are a few simple steps that can help minimise risk.
“The first is to restrict yourself from being added to a group automatically as this will prevent people from adding you to unknown groups that may not be created by friends and family. You can also restrict the information that you allow to be shared on WhatsApp from a business perspective – don’t let people share important data over the platform,” he said.
“This will not only reduce the risk but it will ensure you remain compliant with Acts such as POPI and the Cyber Crimes Act.”
WhatsApp should be treated with the same protocols as email. Don’t click on links, never forward content, don’t share personal information with someone you do not know, and always double-check everything.
“It’s worth implementing a WhatsApp policy that tightly manages how people interact on the platform from a business perspective and to educate people about the security threats constantly. That way, you can allow for the benefits that WhatsApp brings without opening the door to unnecessary risks,’ he concludes.