New WhatsApp scam on the warpath

9756
South African insurer launched Whatsapp chatbot
Guardrisk sells insurance policy via WhatsApp chatbot.
Whatsapp
As social media evolves, and has predominantly become more popular across Africa, it has now become a target for cybercriminals as well as fraudsters.(Image Source: wired.co.uk).

As Africa is becoming more mobile focused, connecting via social media platforms such as WhatsApp, BBM, Facebook and Twitter is becoming more of a necessity. We, as Africans, use these platforms daily to not only converse with our peers, but to also conduct business, advertise brands as well as publish and share breaking news articles.

As social media evolves, and has predominantly become more popular across Africa, it has now become a target for cybercriminals as well as fraudsters. According to thetechieguy.com, a new WhatsApp scam in now on the warpath in South Africa, and is also expected to reach the rest of the African continent soon.

Liron Segev, a South Africa based IT consultant, revealed that the latest WhatsApp scam essentially alerts users (Via SMS) that their WhatsApp application needs to be updated. When following the link provided within the SMS notification, users are then taken to a website where they will be under the assumption that they are indeed signing up to upgrade the WhatsApp application. However, instead of updating the application, the user is tricked into signing up to a subscription service that costs R7 per day. This results in the user being billed an estimated R210 per month extra on their phone bill, whereas the initial intention was to upgrade the WhatsApp application. Granted, scams like this can be spotted fairly quickly, especially by those who are tech savvy; however, it becomes a frustrating financial trap for those who are not.

According to Segev: “WhatsApp should only be updated from the official App store. Developers of apps dislike managing different versions of their app and the official application store makes it simple to have one point which notifies all their users of the new version. Developers may offer access to early “beta” versions of their software direct from their site, but that is applicable to a niche audience and legitimate app developers would never invoke a system such as an SMS to ask their users to update their apps.”


This is also the case for any other application that is pre-installed or purchased from an app store. Social media apps such as Facebook, Twitter, and any other app featured on the app store should be updated via the app store – which has been preloaded onto devices running Android, Windows Phone OS, or iOS. This also relates to any other application such as mobile games, productivity apps, or even location-based applications.

Once locked in, these scams can be hard to get out of. This is due to the fact that the user has physically typed in their details as well as confirmed their acknowledgement by clicking a confirmation or continue button. To add to this, scam artists as well as legitimate companies include terms and conditions, which are often over looked by the user trying to update an application. These terms and conditions may be included at the bottom of a page, out of sight of the user, or be placed in a text box in a much smaller than normal font. The terms and conditions then lock the user into an agreement, which was masked by the promise of an upgraded application.

To add to the WhatsApp scam, there are thousands upon thousands of email scams making the rounds. These include receiving invoices for apparent purchases made on popular eCommerce websites. Cybercriminials also send emails stating that payment has been made via your personal PayPal account. In order to identify these scams users should hover there mouse over the links provided. This will essentially identify where the link is really directing you in the lower left corner of the email.

To avoid online scams it is always essential to read through the fine print. Additionally, avoid replying to emails as well as text messages from unknown sources. Scam artist and cybercriminals tend to scour the internet for email addresses. Once obtained, they send attachments that include malware, spyware and ransomware to the user. The user then believes that the content is legitimate and either opens an attachment, or replies to an email. By replying to the email, you provide cybercriminials with your details. By clicking on attachments you can unknowingly install malicious content on your device, which records login details, keystrokes and information regarding your bank accounts.

In closing, always scrutinise unknown content, attachments and text messages received from unknown sources. If you have been caught by the above mentioned scams, local telecommunications providers such as Cell C, MTN and Vodacom can assist in removing them from your service by using the following USSD codes:

– Cell C: Using the USSD string *133*1# subscribers can block all existing and future content billing.
– MTN: Dial *141*5# and select which services to unsubscribe from.
– Vodacom: Vodacom users can unsubscribe from all Wasp services by sending “STOP ALL” to 30333.

Darryl Linington