The ‘Add This Number to WhatsApp’ Scam Explained

Criminals are constantly refining their social engineering schemes to keep potential victims off balance. WhatsApp is only one of multiple attack vectors, and some of the latest attacks using it are highly inventive. 

The best way to keep users safe, besides deploying a security solution on any personal device with a processor, is to keep them informed. One tactic criminals use is to constantly change their attack methods so people don't get used to them.

That's why some types of attacks might seem strange or ridiculous at first, but it's actually a tactic to catch users off guard. 

How it starts

For the most part, the attack begins in the same manner for nearly everyone.

• The user receives a call from a robotic (automated voice), usually from a foreign number.
• The voice instructs the potential victim to add a specific phone number or the number that just called to the WhatsApp contacts.
• The call abruptly ends, with no other finality.

 It would only be logical to ask why the attackers are doing this. It seems ridiculous, and it's easy to imagine that no one would actually go along with this.

The overall tactics are actually straightforward. Phone calls feel more urgent than emails or text messages. WhatsApp is widely trusted, so people often lower their guard, and adding a new contact seems harmless.

However, the fact that criminals continue to invest time and money in these attacks means they are effective. Keep in mind that they don't expect to have many victims - they are focusing on a particular set of prey. If a user goes through the trouble of adding the phone number to the contacts, the attackers know that it's also much more likely they can carry out the scam to their fraudulent endgame.

Potential endgame scenarios

WhatsApp account hijacking

Scammers target WhatsApp accounts because they're widely used and because it involves personal trust. After attackers persuade victims to add their number, scammers might send messages impersonating official WhatsApp support or a trusted organization.

This is a very common tactic. They request the victim's verification code under false pretenses, granting them access to the victim's account, then they lock the victim out.

Once hijacked, scammers use the compromised account to solicit money or personal information from the victim's contacts, exploiting established relationships and trust. They might even go so far as to demand a ransom to give back access.

Direct financial fraud and identity theft

Once the victim engages through WhatsApp, scammers can pose as representatives from banks, government agencies, or technical support. They fabricate urgent scenarios and demand immediate action, such as outstanding debts, fraudulent charges, or account security breaches.

The ultimate goal is to persuade victims to disclose sensitive personal and financial information, including bank account details, credit card numbers, and personal identification data.

This information, in the wrong hands, can directly lead to significant financial losses, fraudulent activities, and even complex identity theft.

Malware distribution

Another critical risk arises when scammers share links or files over WhatsApp under seemingly legitimate pretexts, such as sharing important documents or updates.

An unsuspecting victim might open a malicious link and inadvertently install malware on their device. This malware can harvest sensitive information, enable remote access by criminals, encrypt data for ransom (ransomware), or silently monitor the victim's activities. In fact, many of these types of malware are banking trojans explicitly designed to steal banking information.

Recruitment into criminal activities

In some sophisticated scenarios that involve complicated social engineering, scammers recruit victims into much larger criminal schemes. They might initially offer enticing, yet fake, job opportunities or "work from home" schemes via WhatsApp.

Another scheme might involve real people calling the victim and persuading them to invest in stocks or cryptocurrency using platforms that are actually fake.

Over time, victims may inadvertently participate in money laundering, illegal financial transactions, or the further propagation of criminal activities. Such involvement can lead to severe legal repercussions for victims who unknowingly become part of criminal networks.

Targeted social engineering and blackmail

By gaining initial access to WhatsApp and insights into the victim's profile and contacts, scammers can launch personalized attacks.

They exploit details from conversations or profile information to build credibility or pressure victims into compliance.

Blackmail and extortion can follow, using illegally obtained sensitive personal details or by threatening to release compromising or private information publicly unless demands are met.

How to stay safe:

Enable two-step authentication: add an extra layer of security to your WhatsApp account.

Be skeptical of unsolicited messages: Avoid engaging with unknown contacts requesting personal information, especially if it's coming from another country.

Use security tools: Bitdefender's Scamio is an AI-powered chatbot that can help identify potential scams. Users can also benefit from the full suite of a security solution such as Bitdefender Mobile Security.

Report suspicious activity: Inform WhatsApp and other relevant platforms of any suspected scams. Don't forget to report the scammers' phone numbers from the phone's operating system. Marking them as spam will help to keep other users secure.