WhatsApp is a frequent target for hackers and scammers.
The Meta-owned platform is among the most popular messaging apps, with over a billion active users worldwide. Such a massive following makes WhatsApp a priority prey for cybercrime. Below are some common scams and security issues to look out for on WhatsApp.
- Web Malware
One of the apparent targets for a cybercriminal is WhatsApp Web. The platform has long allowed people to use their PC by scanning your code through your phone or downloading a desktop app. The desktop version is different from the app in a significant way.
Phones’ App Stores, including Android’s Google Play Store and Apple’s App Store, are more regulated than the web. Notably, the App Stores show the official app, but the wider internet won’t.
Scammers, hackers, and criminals have noted this discrepancy and passed malicious software as WhatsApp web apps. If you download this malware by mistake, it can lead to malware distribution on your device.
Other hackers try a different approach, developing phishing websites similar to WhatsApp web and requesting only your contacts to use the service. They then use the contact provided to spam you or correlate with hacked data online.
The best way to enhance security would be to use sites and services from legitimate sources. Only acquire the WhatsApp web client from the WhatsApp website. Alternatively, you can use official apps for Windows, macOS, iPhone, and Android devices to avoid criminals.
- Unencrypted Backups
All your WhatsApp messages are end-to-end encrypted, meaning that only you and the recipient can decode them. This feature makes it impossible for third parties, even Meta, to intercept the transmission. They can only tamper with it if the messages are decrypted on your device.
You have an option to back up all your WhatsApp media and messages on iOS and Android to recover them if they get deleted accidentally. In addition to the typical cloud-based backup, your device has a local backup. On iPhone, you can back messages to Apple’s iCloud. If you’re using Android, then your backup destination is Google Drive.
It’s worth noting that the backup file stored in Google Drive and iCloud is decrypted, making it theoretically vulnerable to hackers.
The lack of other backup options leaves your WhatsApp data security at the mercy of cloud providers. No massive case of Google Drive or iCloud hacks have surfaced so far, but the attack remains possible. It wouldn’t be hard for cybercriminals to access the cloud storage accounts containing decrypted backup files.
Data encryption helps prevent government censorship and unauthorized access to personal data. For instance, if the backup file is stored in cloud storage, all the government would need is a warrant and gain access to your data.
Thankfully, you can now backup your end-to-end encrypted WhatsApp chats. However, you have to enable the setting through the steps below.
- Go to “Settings.”
- Open “Chats.”
- Click “Chat Backup.”
- Select “End-to-end Encrypted Backup.”
- Click “Turn On.”
Now your end-to-end encryption is enabled on WhatsApp.
- Facebook Data Sharing
Recently, Meta has had a fair share of criticism regarding cyber-attacks and malware distribution. Common areas facing scrutiny include the company’s anti-competitive actions and effective market monopoly. Regulators closely evaluate any takeover to stop any anti-competitive behavior.
In 2014, Meta announced plans to acquire WhatsApp. However, the European Union only approved the deal after demanding Meta maintain the two as different entities.
Immediately after the policy changes, users could opt-in or out of the Meta-WhatsApp data sharing. However, this option is no longer available, and no one seems to notice or do something about it.
Later in 2019, Meta introduced another change. This time it sought to merge the messaging platforms. The first phase of this merger happened in late 2020 when the company linked Instagram Direct with Messenger.
Later in early 2021, Meta crafted a new data sharing policy for its WhatsApp platform allowing data transfer between the social network site and the messaging app.
- Fake News and Hoaxes
Social media platforms have become common grounds for misinformation and fake news. Meta, in particular, has been criticized for facilitating misinformation, especially during the 2020 US Campaigns.
Other notable cases involving misinformation were reported in Brazil and India. WhatsApp was implicated in the civil unrest witnesses in India around 2018. Criminals used the platform across the nation to send fabricated messages about child abductions in the localities. The massive sharing of these messages resulted in the lynching of people implicated by the false claims.
Around the same time, Brazil struggled with widespread misinformation on WhatsApp targeting campaign candidates. Since WhatsApp displays the phone number as your username, criminals purchased several phone numbers to start the malicious action.
Due to these and other cases in the same year, 2018 became infamously terrible for the company. Even staunch followers admitted that even though digital misinformation was difficult to eradicate, WhatsApp’s response to these events was below expectation.
One notable change by WhatsApp was limiting the number of message forwarding capabilities from 250 to only five groups. Also, the forwarding shortcut button was unavailable for users in regions around India and Brazil.
Even after all those interventions, WhatsApp was involved again in misinformation about the COVID-19 virus. Remember, this was when people highly relied on such sites for news due to the lockdowns imposed across the world.
At that time, Meta limited the forwarding capability for these regions too and worked with authorities to help people access only the correct information.
Notably, both scenarios- the 2018 political events and the COVID-19 virus- involved misinformation. Since the company claimed to have resolved the issue in 2018, it remains unclear why it removed the initial forwarding limits creating an avenue for the subsequent COVID-19-related misinformation. It’s also possible that the interventions implemented in 2018 were ineffective.
- Your WhatsApp Status
The WhatsApp status feature has been a short text line for many years, morphed into what appears like the popular Instagram Stories feature.
Generally, Instagram is considered public despite having a private option. On the other hand, WhatsApp is considered more intimate and appropriate for family and friends. In this case, the status you share on the platform only appears on a private group.
Sure, WhatsApp even lets you control who can view tour Status. Here’s how.
- Click “Settings.”
- Open “Accounts.”
- Go to “Privacy.”
- Click “Status.”
The three privacy choices are:
- Contacts except…
- Share with…
Note that blocked contacts on WhatsApp can’t see your status. Also, your status will disappear after 24 hours, just like Instagram.
Should I Use WhatsApp?
WhatsApp has many security concerns. One of the primary concerns is its association with Meta, which shares similar privacy dangers. However, the move to implement end-to-end encryption in such a popular app was a definite security upside that somehow addressed WhatsApp’s privacy issue.