You probably don’t think you’d be fooled by a scammer posing as a family member, but many people already have been. By the time money has exchanged hands it’s too late to do anything about it, so make sure you and your family members are on the lookout for this devious scheme.
How The Scam Works
This scam might not be new, but it’s definitely on the rise, particularly using the WhatsApp instant messaging platform. Like other scams, this is a confidence scam that preys on a victim’s desire to implicitly trust the person they are talking to. Unfortunately, many have been caught out this way.
The most commonly-reported iteration of this scam has the scammer posing as a family member, claiming that they have lost their phone and have a new number. There may be a sob story to go along with it, like how they’ve lost all of their photos or that they cannot access their online banking or other accounts at the moment.
I’m keen to warn you about a scam which my lovely, kind mum so nearly fell for. It was incredibly believable. Someone pretends to be you but on a different number, contacts someone close to you and asks them to quickly pay a bill for you before you pay them back. Mum in green 👇🏼 pic.twitter.com/SroiuftrpN
— Jacqui Oatley (@JacquiOatley) July 13, 2022
The scammer may know the names of other family members or acquaintances, which further builds their victim’s trust. The scam comes to a crescendo when the victim is asked to settle a bill or send money to an account for some reason. Payment may be made using a legitimate-looking banking website or payment gateway, or it could be to a PayPal, Venmo, Cash App, or similar account.
Some scammers even send bank account information, which will be in someone else’s name. They may attempt to explain this by saying it’s a friend’s account, or it’s someone to whom they owe money. They’ll promise to pay you back once the “lost phone” debacle is resolved.
It’s often too late to do anything once the victim has realized something is amiss and money has been transferred. Financial institutions might not cover such an incident under online fraud since the money was sent willingly. PayPal and other operators may not reverse the transaction since there is no “buyer protection” on a personal payment.
The Same Scam May Take Other Forms
At the time of writing in mid-2022, this scam is blowing up and seems to take the “family member” guise on WhatsApp. But the scam is nothing new and may take other forms.
It’s not dissimilar to spear phishing, where scammers will target a single (often “whale”) target with a big payout. This mostly affects businesses and involves convincing someone high up the chain of command to authorize a payment or release of information. These scams are particularly lucrative in the business world where payouts can be much higher.
But scammers may also try to impersonate your friends or members of organizations close to you. They could pose as your child’s school, your local church group, or even a charity or fundraising organization.
Suspect Something? Reach Out
The number one rule is to immediately be suspicious of a close family member claiming to be contacting you on a new number. You should seek in-person or phone confirmation that this is the person you think it is, even if they don’t immediately ask you for money.
Use the supposed contact’s last-known phone number to quickly call and validate. Assuming they answer, you’ll bust the scam wide open. Scammers will try pressuring you into not doing this in a bid to rush you into complying with their requests before you’ve had time to think it through.
If the person uses a VoIP service like FaceTime, Facebook Messenger, or Skype then you can try contacting them on those platforms. Since these services are usually linked to an account rather than just a number, getting a new SIM card and phone number won’t affect them.
Again, don’t be swayed by the pressure. Even if the person reaching out to you seems desperate to get a financial matter resolved, if they’re an honest person, they’ll likely understand once you explain to them why you were being so careful in the first place.
How Scammers Target You
Scammers may target a broad number of people in the hope that someone takes the bait, or they may be more careful in who they pick. This scam is more likely to work if the scammer can build trust with the victim, and that involves knowing more about their target.
Social media websites like Facebook or Instagram can provide the scammer with all they need to launch a convincing attack. Your profile may list friends and family members, particularly since Facebook allows you to make these familial links right on your profile.
Even if you haven’t gone out of your way to list this information, having access to your profile may be enough. A scammer may look at your friends and link people using their surnames, or simply look at who is interacting and commenting on posts. The same is true of your closest real-world acquaintances, who may appear in photos or check-ins.
For scams targeting businesses, your company website may provide a comprehensive list of employees. Some of these even list email addresses so that anyone can reach out. This hierarchy can help a scammer single-out ideal targets, people to impersonate, or individuals they can name drop in correspondence to build trust.
Actions You Can Take
One of the best things you can do is lock down your Facebook profile. The less of your personal information that is freely available online, the better. Hide your friends list, make past posts private, and de-list your profile from search engines. This goes for all sorts of scams, from identity fraud to social engineering attacks like this one.
Be aware that even if you adopt strict Facebook privacy settings, you could still be targeted using the information you provide there. If a friend’s account is compromised, a would-be scammer can use it to gather information for a scam like this. You should also consider making your Instagram account private if you use it.
Always be vigilant and suspicious of “new number” texts and instant messages. Seek verification either in person or over the phone that the person you are speaking with is who they say they are. If you can’t get a straight answer, don’t comply with any requests.