How To Avoid Falling For New Scam Via WhatsApp- DCI

The Directorate of Criminal Investigations (DCI) has exposed a new trick by scammers attempting to swindle innocent Kenyans through the popular instant messaging (IM) platform, WhatsApp.

According to DCI's statement on Tuesday, December 5, the scammers use a technique known as phishing which allows them to gain access to native individuals' mobile and personal details without authorization.

Phishing is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information, such as credit card numbers, bank information, or passwords, on websites that pretend to be legitimate.

In DCI's case, the technique sees scammers often luring victims by sending messages of fake job offers disguised as WFH (Work From Home) or any other form of job offer.

Screenshot of a WhatsApp conversation with a scammer. /DCI

"Once you respond, the scammer tells you it is a simple job and all you have is to complete a few tasks. This may come with a financial incentive/bait," disclosed DCI.

The said tasks are then forwarded to the victim and one is asked to undertake them and send a screenshot to complete the task.

"Once this is done, the scam moves to phase two. The scammers act as if there are some difficulties in transferring the amount and will ask you to download an app for easy transfer.

"This app contains malware or trojans and acts as an entry point to your mobile and personal information," added the DCI.

Phishing attacks on WhatsApp involve scams where fraudsters trick users into giving up sensitive information like passwords, credit card numbers, or bank details. They may impersonate a trusted entity or create a sense of urgency, preying on unsuspecting users.

WhatsApp phishing techniques used to be relatively straightforward, making them easier to detect. However, starting in 2019, a more sophisticated approach has emerged, enabling phishers to gain control over your account.

How does the WhatsApp phishing scam work?

Attackers use common phishing techniques and tactics to trick users into divulging personal or corporate information.

They impersonate a CEO or any trusted member and impose a sense of emergency while sending such WhatsApp messages. In recent times there has been an increase in unknown WhatsApp calls with such motives.

Attackers craft different types of messages such as 'Mum' and 'Dad' impersonation, Friend impersonation verification code scams, etc. Most of the time the users fall victim to such WhatsApp phishing attacks as they tend to be messages from trusted parties.

How to prevent falling for such scams?

Following an increase in such cases, DCI advised Kenyans to take the following preventive steps:

• Do not reply to any messages from unknown numbers offering jobs/other types of offers. It is advised to block such numbers right away.
• Do not download any app/click a link that seems suspicious or that an unknown individual suggests.