WhatsApp Scams: Common Tricks and How to Stay Safe

Published: 23 February 2026 10 min read By ScanTotal Security Team
Last reviewed: 4 May 2026 by Kumari Rajapaksha, Founder, ScanTotal

My mum got a WhatsApp message last month from an unknown number saying "Hi Mum, it's me. I dropped my phone in the sink and this is my new number. Can you transfer $900 for my rent? My banking app won't work on this phone yet." She almost did it. She was literally at her laptop about to log into her bank when she thought to call me on my actual number first. It was a scam. Obviously. But the message sounded exactly like something my sister would write, right down to the casual tone and the emoji at the end. That's what makes these so dangerous.

WhatsApp scams have become incredibly sophisticated and widespread in Australia. The ACCC reported the "Hi Mum" scam alone cost Australians millions in recent years. In this guide, I'll walk through the most common WhatsApp scams, show you real examples, and give you concrete steps to protect yourself and your family.

1. The Verification Code Scam

This is the most dangerous WhatsApp scam because it can give an attacker complete control of your account. Here's how it works:

The attacker enters your phone number on WhatsApp's login screen, which triggers WhatsApp to send you a 6-digit verification code via SMS. The attacker then contacts you, often posing as a friend, a WhatsApp employee, or just pretending it was an accident, and asks you to share the code.

⚠️ SCAM EXAMPLE

"Hey, sorry! I accidentally had WhatsApp send a verification code to your number instead of mine. Can you just send me the 6-digit code you received? Thanks so much!"

If you share the code, the attacker takes over your WhatsApp account. They can then message your contacts (pretending to be you) to ask for money or steal more accounts. Meanwhile, you're locked out of your own WhatsApp.

How to protect yourself: Never share your WhatsApp verification code with anyone. WhatsApp will never ask for your code. No legitimate person needs your code for any reason. Enable two-step verification in WhatsApp Settings > Account > Two-step verification, this adds a PIN that protects your account even if someone gets your SMS code.

2. The "Hi Mum/Dad" Impersonation Scam

This scam has devastated families worldwide. You receive a message from an unknown number claiming to be your son, daughter, or other family member. They say they have a new phone number (their old phone was lost, stolen, or broken) and urgently need money for a bill, emergency, or other situation.

⚠️ SCAM EXAMPLE

"Hi Mum, it's Sarah. My phone fell in water and this is my new number. I have a really urgent problem, I need to pay my rent today but my banking app isn't working on this new phone yet. Can you transfer $800 to this account? I'll pay you back as soon as my bank sorts it out 😢"

The emotional urgency and the plausible story about a new phone make this incredibly effective, especially targeting parents and grandparents. It works because love overrides logic. That's what the scammers are counting on.

How to protect yourself: If someone claims to be a family member from a new number, verify their identity before sending money. Call their old number. Ask a personal question only they would know. Establish a family code word that you can use to verify identity in these situations. Never send money based solely on a text message from an unknown number.

3. Fake Giveaway and Prize Scams

These messages claim you've won a prize, qualify for a free gift, or can get free data/airtime by clicking a link and sharing the message with contacts. The links lead to phishing sites that steal personal information, install malware, or sign you up for premium SMS services that charge your phone bill.

⚠️ SCAM EXAMPLE

"🎉 WhatsApp is giving away 50GB of free internet data to celebrate their anniversary! Click this link to claim yours and share with 10 friends to activate: http://whatsapp-50gb-free.xyz"

These scams spread virally because the sharing requirement means they come from people you actually know and trust, even though your friend was also tricked.

How to protect yourself: WhatsApp doesn't run giveaways through chain messages. No legitimate company distributes prizes through forwarded messages. If a link has to be shared with multiple people to "activate," it's a scam. Check suspicious links with our URL scanner before clicking.

🔗 Got a suspicious link on WhatsApp?

Copy the URL and check it before clicking. Our scanner tells you if it leads to phishing, malware, or scams.

Check a URL, Free

4. Fake Customer Support

Scammers impersonate WhatsApp support, bank customer service, or other company representatives. They may message you claiming there's an issue with your account, or they might respond when you've publicly asked a company for help on social media.

The goal is to get you to share personal information, login credentials, verification codes, or to click a link that installs malware or steals information.

How to protect yourself: WhatsApp customer support will never contact you via WhatsApp message. Banks don't conduct account support through WhatsApp. If someone claims to be from a company, contact that company directly through their official website or app. Be especially wary if anyone asks for your password, PIN, or verification code during "support."

5. Fake Job Offers

You receive a WhatsApp message offering an amazing work-from-home opportunity, social media management, product reviews, data entry, or "simple online tasks" that pay surprisingly well. The messages are often vague about the actual work and emphasize the high pay and flexibility.

⚠️ SCAM EXAMPLE

"Hi! I'm a recruiter from [Company]. We're hiring remote workers for easy online tasks. Earn $300-$500/day working just 1-2 hours. No experience needed! Interested? Click here to apply: http://remote-work-apply.top"

These scams typically lead to requests for upfront payments (for "training" or "setup fees"), personal information theft (Tax File Numbers, bank details for "payroll"), or involvement in illegal activities like money laundering. This is what frustrates me most about messaging platform scams, WhatsApp has the technology to detect and flag mass-sent identical messages from new numbers targeting contacts lists, yet the end-to-end encryption that protects our privacy also shields scammers from any meaningful platform-level detection, creating an environment where organised fraud operations can target thousands of Australians simultaneously with virtually zero risk of being caught.

How to protect yourself: Legitimate companies don't recruit via random WhatsApp messages. Be sceptical of jobs that promise high pay for minimal work. Never pay money to start a job. Research any company independently before providing personal information.

6. Investment and Crypto Group Scams

You're added to a WhatsApp group filled with people excitedly sharing their investment wins, screenshots of massive profits from crypto, forex, or stock trading. An "expert" in the group offers to help you invest too. The group members supporting the expert are all either bots or accomplices.

They may direct you to a fake trading platform that shows impressive gains on your "investment." When you try to withdraw, you're told you need to deposit more money first (for taxes, fees, or minimum withdrawal amounts). The money is gone.

How to protect yourself: Leave any WhatsApp group you were added to without your consent. No legitimate investment guarantees returns. Verify investment platforms are registered with financial authorities. Remember: if everyone in a chat group seems to be making easy money, you're the target, not a member.

7. Malware and Spyware Links

Some WhatsApp messages contain links that, when clicked, download malware or spyware onto your device. These might be disguised as photo links ("Look at this photo of you!"), app updates, or interesting content. Once installed, the malware can steal your messages, passwords, banking information, photos, and more.

How to protect yourself: Don't click links from unknown contacts. Be cautious even with links from known contacts, their account may be compromised. Keep your phone's operating system and apps updated. Don't install apps from links, only download apps from the official App Store or Google Play.

Essential WhatsApp Security Settings

Take five minutes right now to configure these settings:

Enable two-step verification. Go to Settings > Account > Two-step verification > Enable. Create a 6-digit PIN. This is the single most important thing you can do to protect your account from takeover.

Control who can add you to groups. Go to Settings > Privacy > Groups and set it to "My contacts" or "My contacts except..." to prevent strangers from adding you to scam groups.

Hide your profile photo from non-contacts. Go to Settings > Privacy > Profile photo and set it to "My contacts." Scammers use profile photos to create convincing impersonation accounts.

Be cautious with auto-download. Go to Settings > Storage and Data and review auto-download settings. Consider disabling automatic media downloads, especially on mobile data, to prevent accidentally downloading malicious files.

📱 Received a suspicious message on any platform?

Paste the text into our SMS Scam Analyzer. It works for messages from WhatsApp, iMessage, Telegram, and any other messaging app.

Analyze a Message, Free

Frequently Asked Questions

Can someone hack my WhatsApp by sending me a message?

Simply receiving and reading a message won't hack your account. The danger is in clicking malicious links, sharing your verification code, or downloading malware. Keep your app updated and never share your 6-digit code.

What should I do if my WhatsApp account is hacked?

Log back in with your phone number to kick out the attacker. Notify your contacts immediately. Enable two-step verification once you regain access. Report to WhatsApp support if you can't regain access.

How do I enable two-step verification on WhatsApp?

Open WhatsApp > Settings > Account > Two-step verification > Enable. Create a 6-digit PIN and add a recovery email. This is the single best protection against account takeover.

Why do scammers target WhatsApp specifically?

Over 2 billion users, high trust in messages from contacts, end-to-end encryption makes detection harder, and phone numbers are easy to obtain. It's the perfect platform for social engineering attacks.

What Our Family Does Now

After my mum's near-miss with the "Hi Mum" scam, we set up a family code word. If anyone in the family messages from a new number asking for money or help, we ask for the code word first. No code word, no money. Simple as that. I also sat down with my mum and enabled two-step verification on her WhatsApp, hid her profile photo from non-contacts, and set her group privacy to contacts only. It took about five minutes. She hasn't had a single scam message get through since. Five minutes of setup versus potentially thousands of dollars lost. Not a hard decision.

WhatsApp Messaging Scams Account Security Scam Prevention Online Safety

Got a dodgy WhatsApp message? Check it now.

Paste the message or scan the link, free, private, no sign-up needed.

Check a Suspicious Message Scan a Link

Sources & Further Reading

Related Articles

Is That Text Message a Scam?
Related SMS scams that arrive via standard text messages.
What Is Phishing?
WhatsApp scams are a modern form of phishing attack.
Social Media Scams
WhatsApp scams often overlap with broader social media fraud.