More than a billion people use the WhatsApp mobile messaging app that helps you send text messages, photographs, videos and audio.  Due to its extreme popularity, it is not surprising that WhatsApp has become an attractive platform for scammers. I have reported to you for years about the various scams targeting WhatsApp users. A common WhatsApp scam that is happening frequently involves social engineering used to hack your account and then use your account to scam other people.  The scam starts when you receive a message through WhatsApp that appears to come from a friend or family member. The message tells you that you are about to receive a text message and requests that you send that message back to your them.  The truth is that the message you received through WhatsApp is from an account taken over by a hacker who is looking to take over your account too.  The text message that you are sent on your phone is actually a dual factor authentication code sent to you because the hacker is trying to take over your WhatsApp account and if you sent it to your “friend” as requested, you are actually turning over that code to a hacker who can then use it to take over your WhatsApp account in order to send out messages with malware or lure your WhatsApp friends into becoming victims of scams because they believe the messages sent by the hacker with malware and scams are coming from you.

Another common version of WhatsApp scams involve your getting a message from a friend who for any of a variety of reasons needs you to send them money.  Remember my motto, “trust me, you can’t trust anyone.”  Whenever you get such a message, you cannot be sure who is really sending the message so never send money in response to such a message unless you have called the actual person and confirmed that the message was legitimate.

Recently in the United Kingdom there has been a significant increase in this type of scam with victims of the scam losing as much as 50,000 pounds.


In 2017 WhatsApp added dual factor authentication capabilities and you should use this if you are a WhatsApp user.  Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts.  Whenever you are able to use dual factor authentication for a particular website, account or app, you should take advantage of this.  Some dual factor authentication protocols do not require it to be used when you are accessing the account from the computer or phone that you usually use, but only if the request to access the account comes from a different device, which still provides security without even having to use the special code.  However, as indicated in the scam I referred to above, dual factor authentication is not foolproof.  Never underestimate the power of a fool.  Fortunately, there is a way to protect yourself from this scam by setting up a PIN for your WhatsApp account so that even if someone got your dual factor authentication code, they could not access your account. You can set up a PIN by going to the Settings-Account section of the app.  Of course, you should also remember to never under any circumstances provide to anyone the dual factor authentication code sent to your phone.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and insert your email address in the tab that states “Sign up for this blog.”