Hong Kong police have received more than 600 reports of WhatsApp fraud since 2017. Worse still, victims have lost more than HKD9 million to swindlers in that time – HKD2.7 million in the first three months of 2019 alone.
A lot of the scams involve the cyber-criminal hacking someone’s WhatsApp account and using it to send payment requests to people in their contact list. The victims who receive the message believe that it is coming from a family member or close friend, and are more likely to follow the instructions.
In a recent high-profile case, a man received a message from his sister’s account telling him that he should buy top-up cards for online games and then resell them at a higher price to eager players. He followed the suggestion, buying HKD430,000 worth of cards and giving the PINs to the hacker, thinking it was his sister. It wasn’t. The money was gone.
Here are 6 things you can do to protect yourself from scams like this
1. Maximise your security settings
WhatsApp and many other messaging services let you enable ‘2-step verification’, which requires you to create a 6-digit PIN. You'll occasionally need to enter this PIN to view your messages, and you'll also need it in case you ever want to register your WhatsApp to a different phone number.
It's a very simple but powerful tool, because even if a hacker manages to get your log in details, they won’t be able to load your WhatsApp account on their phone.
2. Keep private details private
Never share your bank details, PIN codes or passwords. This also includes images of your ID cards, credit cards or any sensitive documents or forms. All it takes is one tap of the 'Forward' button, and your info can be shared with the world.
Remember these rules even if you are completely sure of who you are talking to. After all, there's always a possibility that their phone could get hacked in the future, meaning your financial details could be shared with scammers.
3. Avoid clicking pics or links
Never click a photo, gif or link in a message unless you are absolutely sure it is from someone you trust. Even then, avoid clicking anything that promises you anything like a prize, reward or voucher for doing a survey, playing a game, or forwarding the message. If the offer sounds too good to be true, it probably is. Try googling the details of the offer to establish if there are legitimate examples, or warnings of a scam or cyber-crime.
4. Get to know the product
Make sure you understand (and are using) all of the privacy and security settings on the app.
For WhatsApp in particular, many people fall victim to scams in messages claiming to be from the app's management. Remember that the company clearly states on its website that it will never ask you to:
● download anything extra
● tap a link, either to go to another site, or to activate a new service
● pay for using the service
● forward a message
If you receive a message claiming to be from WhatsApp that asks you to do any of these things, you should delete the message and report the sender to WhatsApp by going to Settings > Contact us.
5. Use common sense
If something seems off in a communication with a relative, like they're saying things they don't normally say or something just doesn't feel right about it, use caution – especially if they're suddenly asking for money.
You know your friends and family best. Ask them to call you so you can discuss it with them directly. If they say they are unable to call you, then do some digging and ask them some questions that only they would know the answer to.
6. Always make sure you are using the latest version of your messaging app
Apps are constantly improving their security features, fixing bugs and closing loopholes that criminals can exploit. But to take advantage of this, you'll need to keep your apps up to date. Either set them to auto-update or be sure to check regularly for new versions.
Be aware, everywhere
While many of the examples we've given here are about WhatsApp, fraudsters are just as happy to use other messaging apps to get their hands on your money. Fortunately, you can use similar strategies to protect yourself when using other apps.
HSBC is always looking out for your online safety and financial security. See what else you can do to help protect yourself.
Statistics taken from an article by the South China Morning Post article on 9 April 2019 titled 'WhatsApp scams explode: Hongkongers bilked of HK$2.7 million in three months on Facebook-owned messaging service'
- What is "phishing"?
- Avoid falling prey to WhatsApp scams
- What is a social engineering scam?
- How to avoid social engineering scams
- Beware of malicious software