The recent spate of WhatsApp missed call scams has become a significant cyber threat in India. For an average Indian, a missed call from an international number may trigger their curiosity enough to prompt them to call back or text. This is when fraudsters initiate talking scripts to dupe users with fake stories. These stories are usually fake job offers and work-from-home opportunities.
According to Huzefa Motiwala, director of system engineering at Palo Alto Networks, the main objective of these scammers is to deceive and manipulate victims into sharing their confidential information. After obtaining the information, they either sell it to third parties or use it for fraudulent purposes.
This is owing to the rampant sharing and selling of personal user data. According to recent reports, two out of every three Indians receive at least three calls every day from someone who is trying to sell financial products or properties. While most of these calls can just be ignored, the bigger issue that persists is the misuse of user data. The WhatsApp missed call scam is the perfect example of bad actors attempting to cash on the user’s vulnerability by targeting them through social engineering and phishing.
Story continues below this ad
Motiwala, in an email interaction with indianexpress.com. touched upon various aspects of the WhatsApp scam and how one can safeguard themselves from similar scams. Below are his responses.
What are some warning signs that users should be aware of to identify potential call scams?
Identifying this scam is quite easy due to its presentation as a missed call or a WhatsApp text from an international number. As a rule of thumb, users should steer away from responding to unknown numbers that message or call directly on WhatsApp; especially if they happen to be international numbers. In the event that you interact with an unknown caller, be wary of sharing any personal information unless you absolutely trust the person you are speaking to.
What is the risk for enterprises if their employees fall victim to such scams, and what measures can they take to mitigate these risks?
WhatsApp scams targeting employees can have a serious impact on both the individual and the organisation they are affiliated with. Sensitive information such as employee ID numbers, user access passwords, puts companies at risk as scammers may gain access to the network. In order to counter such attacks, companies should educate and raise awareness among employees and enable them with the knowledge to deal with such attacks. Besides, the use of consumer-grade communication platforms like WhatsApp for work communication can be risky as they lack control and are vulnerable to social engineering attacks and data breaches.
Could you provide some examples of prevention and mitigation strategies that individuals and businesses can implement to protect themselves from these scams?
WhatsApp has been taking action against accounts that indulge in scam calls. In its Monthly India report, until May 2023, the platform banned over 47 lakh ‘malicious’ accounts in India. The platform received as many as 4,720 reports of such accounts in March and had acted against 585 of them.
Story continues below this ad
It is also important to note that all reported incidents of these scam calls use international numbers belonging to countries with relatively lax regulations around network registration. Therefore, adapting and strictly enforcing policies to curtail such criminal activities at the root level would effectively curb the high volumes we have witnessed recently.
Network providers must also build security guardrails for terminating calls from suspicious sources. They also must remediate any security loopholes within their infrastructures. With the steady adoption of high-speed 5G networks, attackers will be armed with faster, better-equipped tools. To prevent falling prey to such scams, users can employ the following mitigation strategies:
Multi-factor authentication: Enabling multi-factor authentication on WhatsApp adds security and privacy to account access. On applications that support multi-factor authentication, always enable it to ensure the highest degree of security.
Report: Users should ignore, block, and report these calls from suspicious numbers.
Story continues below this ad
Stay vigilant: Users should take efforts to stay informed about the latest scams being promoted on social media and communication apps. Being aware of such scams can prevent them from falling prey to the attacker’s techniques.
Stay updated: Users must ensure they are running the most up-to-date version of their apps or phone OS. This ensures they have the latest security patches installed, protecting them from outdated scams that have been patched already.
With the emergence of AI-generated scam calls that utilise victims’ profiles to fake legitimacy, how have these scams become more sophisticated?
With AI, scammers can now use AI to mimic the voices of trusted individuals, such as relatives, bank representatives, or government officials. This makes it more likely that victims will trust the caller and share sensitive information. AI can also be used to automate the vishing process, allowing scammers to make multiple calls simultaneously and increase the scale and reach of their attacks.
Story continues below this ad
To safeguard one from such scams, it is important to be vigilant and take precautions. Users should refrain from sharing sensitive information over the phone. Verify the identity of the caller before sharing any information, and for sensitive accounts using two-factor authentication is advisable.