Scam via WhatsApp uses leaked data and asks relatives of the victim for money – Antivirus and Security – Tecnoblog

WhatsApp and scam: a mixture that generates many headaches for Brazilians. One of the scammers’ ploys involves mimicking the profile of a close relative. The criminal poses as his mother, father or brother, notifying him that the cell phone was damaged in a fall, or it got wet, and that he took it for technical inspection. In the meantime, the criminal uses a provisional number and claims he can’t log into the bank’s app, asking the victim to make transfers on his behalf.

PIX / Foto de William Iven / Unsplash
WhatsApp has a scam in which a victim is contacted by a criminal who “imitates” a family member’s profile; know how to avoid it (Image: William Iven / Unsplash)

“My cell phone was damaged and went to the technical review”

This situation is quite common and you probably know someone who has been through this imitation scam. I myself suffered this blow last week, when a scammer blocked my access to WhatsApp through badly formatted messages, sent in sequence, to crash the app and make it inoperable. Then he copied my profile picture, and approached family members with this excuse:

My cell phone was damaged in a fall and I took it in for service. In 2-3 days the technician told me that it is ready.

The scammer just didn’t expect me to literally be on the side of the person who received this message.

The social engineering behind these scams involves approaching the person with the last profile photo used by the victim and using the correct degree of relatedness to gain their trust. That way, you can disguise (good or bad) the sudden change of number. Saying that “the cell phone fell and was damaged” and “it got wet and cannot be fixed” ends up going unnoticed when the scammer uses “father”, “mother” or “friend”.

Another common feature of the scam is trying to carry on a normal conversation. Some messages are exchanged as if you were actually talking to your relative. But it doesn’t stay that way for long: the scammer then asks for a bank transfer to be made, because the bank’s app isn’t “working” on the new number.

Many scammers ask directly for the Pix. It was my case and certainly that of many other Brazilians who have already faced this situation. Fraudulent transactions are a matter of concern to financial institutions themselves, and some already have Pix fraud insurance. Febraban (Brazilian Federation of Banks) also has a booklet against scams that use the instant payment option.

WhatsApp scam uses victim’s social network data

But how is it possible for the scammer to know the degree of kinship between the victim and the person he is talking to? This is related to two things:

  1. Data Leaks: Many of us have data such as email, cell phone number, RG and CPF somewhere on the internet. Some sites have loopholes that end up making this personal information available to the internet. And whoever looks for it, finds it.
  2. Social Networking: Probably most of us also have photos with relatives and friends. Has your mom or dad ever commented on a photo of you, or already congratulated you on your birthday? The post is there, on the timeline. The saying is repeated here.

Scammers look for and find the data and the photo and put this information to use when approaching the person via WhatsApp. It’s not about having the cell phone cloned, as many people think. In fact, the scam uses leaked information. Personal, but actually “public”.

It’s not a SIM Swap scam, when the scammer manages to clone your cell phone chip, gain access to your WhatsApp conversations and even manage to back up your data. It is possible to identify, through the messenger settings, when another strange device is using the app.

“In all these cases, the victims are usually very close relatives, such as siblings, parents or uncles. The fraudster does not contact a simple friend or acquaintance”, says Fernando Guariento, director of Professional Services at the digital consultancy AllowMe.

In my case, it was just a close relative. And the scammer probably already knew that when he approached her. It’s more appealing to call a family member when asking for help — even if it’s a four-digit Pix transfer.

How to prevent the blow? hold the emotion

To prevent the coup, it is necessary to restrict the access of social networks to any “nobody”. It’s possible to make Twitter, Facebook, and Instagram accounts limited to just people who get added, ie who you’re supposed to know.

It’s a good idea to check out the friends list on these platforms as well, to pick up weird contacts you’ve added that might have been used by a scammer.

If you’ve restricted access to your account only to your friends list, and you still fall for the scam, it’s likely because you’ve been a victim of phishing — that is, you clicked on some suspicious link that gave the scammer access to your personal profile for free. Always be careful when opening suspicious URLs. Do not click on any link on the internet, email or SMS message.

And, above all, stay calm. One of Google’s most searched topics this year is “how to be a cool person,” and we encourage people to embrace it at these times. Ask yourself, “does my relative usually write that way?” or “what’s the chance of him asking me for an urgent payment when his cell phone breaks?”.

Finally, it’s a good idea to get some proof that the person is really the one you know and not a stranger. “Send photo now” is a strange sentence but it can do in this case.

Guariento ends with another tip:

The silver bullet in this case is video calling. The fraudster will make a million excuses, highlight the urgency, say he can’t do it, etc. That’s because when you make a video call, all doubts are over, including whether the voice is similar, for example.

With information: AllowMe

Leave a Comment