Scamwatch: instant message fraud

Jess Bown
Sad Young Man with Mobile Phone at the table
Sad Young Man with Mobile Phone at the table

Stay one step ahead of the fraudsters with our series of articles giving you the lowdown on the scams they use to trick people out of their hard-earned cash - and how to avoid being taken in by them.

This week, instant messaging fraud such as that used to target WhatsApp users with dangerous malware.

How does it work?
Like email scams, instant messaging fraud comes in a variety of forms.

You might, for example, receive an invitation to claim your winnings from a fake lottery or a request for money to "release funds" from a foreign bank account.

In other cases, you will receive a message purporting to be from a trusted organisation and asking you to click on a link that allows the criminals to download malicious applications on to your mobile phone.

This is the type of fraud used against instant messaging service WhatsApp users recently.

The message sent out to them claimed to be from WhatsApp, inviting them to test a new calling feature.

But when they clicked through to find out more, their phones were inundated with apps and software that can contain dangerous malware.

How can I avoid being caught out?
The WhatsApp scam was very clever in that it used the fact that the service is expected to launch a feature called WhatsApp Calling later this year to make its messages more believable.

The criminals behind the scam also encouraged people to send it on to their contacts, creating a chain letter effect.

The golden rule when it comes to avoiding being taken in by instant message fraud is therefore to ignore all messages that seem in any way suspicious, and treat those that ask you to click on a weblink to proceed with particular caution.

I've been defrauded. What should I do?
If you are caught out by a scam linked to a service such as WhatsApp, it is a good idea to report the incident to the company so that it can take action to prevent other people being taken in.

You should also report it to Action Fraud (0300 123 2040) and change any passwords that may have been compromised if you were hit with a malware attack.

Related articles...
Scamwatch: pension fraud

Scamwatch: virtual kidnapping

Scamwatch: social media fraud