WhatsApp Scams: Can You Get Scammed on WhatsApp & How to Avoid It

WhatsApp scams can happen to anyone from your company’s junior employee to the CEO. These are way more sophisticated than the spam texts. Today’s message sounds like it’s from a superior, a bank or your boss who needs something done in secret and fast.

How WhatsApp Impersonation Scams Led to Multi-Crore Losses

The Mumbai Impersonation Fraud (₹10.4 Crore)

An INOX accounts executive received a WhatsApp message, claiming to be from the executive director, Siddharth Jain. The scamster used Jain’s photograph and manner of speaking to make 63 payments amounting to ₹10.40 crore over a period of 12 days.

The fraud was uncovered when the employee checked the requests with the relevant authorities. Four men have been taken into custody, but the presumed ringleader has not yet been found.

Naresh Gujral WhatsApp Scam — ₹7.8 Crore

Former Rajya Sabha MP Naresh Gujral lost ₹7.8 crore after fraudsters created a fake WhatsApp account using his profile photo and impersonated him. Believing the messages were genuine, company officials authorized four RTGS transfers over four days to accounts controlled by the criminals.

The scam remained undetected until Gujral’s daughter noticed the transactions and contacted him directly, revealing that he had never issued the payment instructions. Authorities later froze a significant portion of the stolen funds.

Same rush. Same picture. Same result. It was only an hour that should have come on day one that made its way onto the phone.

WhatsApp Phishing is a new, advanced form of SMS scam

Scammers don’t need to be very technical to pull off WhatsApp scams. It only has to appear believable to be from someone it is familiar with. The whole point of WhatsApp phishing is to exploit WhatsApp’s personal, informal atmosphere. When someone sends a cold email from an unknown sender, the recipient is much more likely to be suspicious than if the message came from a recognized WhatsApp number.

Scammers also use foreign phone numbers to bypass local caller screening. The message arrives, is perceived as urgent, and, without a second thought, a link is clicked or an OTP is forwarded.

Common formats:

• A fake delivery failure link where the login details are taken from you
• A lottery prize requires a “processing fee” to release the winnings
• A warning that your bank account has been suspended
• A QR code or link offering cashback or a reward

One study found that 21% of WhatsApp users had received a QR code or an offer to pay money on the platform that was actually fraudulent. Most of them will redirect to a cloned login page. Before a real attacker attempts this, Threatcop’s WhatsApp Phishing Awareness and Simulation will test employees in this very same scenario.

Impersonation Fraud on WhatsApp: Businesses are the Main Target

The real money loss is from impersonation fraud on WhatsApp. A scammer pretends to be a director or CFO, contacts someone in finance, and asks for an immediate fund transfer. No call. No email thread. Just a WhatsApp message and a wire.

Voice cloning has also become part of this. In one reported case, a cloned voice resembling Sunil Bharti Mittal was used. The Inox and Gujral cases followed the same approach on a larger scale.

No software can detect this type of attack, since it relies entirely on human trust. That’s where Threatcop’s Security Awareness Training comes into play.

Fake Job Offers: A Growing Scam on WhatsApp

Job seekers are also hit hard—about 42% of those asked paid money for a nonexistent job. The scam layers up at each stage, making each more believable than the last. Several of these are associated with fraud compounds in Myanmar, Cambodia, and Laos, with special attention on Indians seeking work abroad.

How Big Is the Problem in India

In 2025, India suffered losses of ₹22,495 crore in cybercrime cases, with 2.81 million complaints reported, an increase of 24% from 2024. Today, WhatsApp and Telegram are the main channels for financial fraud, replacing email.

As many as 1.2 million SIM cards were blocked, 1.33 million mule accounts frozen, and ₹5,489 crore was seized in 2025. The epic Operation CyHawk even arrested the suspects in the middle of their withdrawal of ₹8 lakh from Mumbai. Enforcement only happens after the fact, though. Clicking, receiving the OTP, and transferring — all of these take seconds.

How to Avoid Getting Scammed on WhatsApp

• If a message arrives claiming to be from your boss or bank, call them on a number you already have, not the one in the message.
• Urgency is a tactic. “Don’t call me; I’m in a meeting” is designed to stop you from verifying.
• No bank or company will ever ask for an OTP over WhatsApp
• Profile photos mean nothing—anyone can copy one in seconds
• Any job or refund that asks for an upfront fee is a scam
• Report at cybercrime.gov.in or call 1930
• Enable Two-Step Verification to prevent your number from being hijacked

AI is Now Being Used to Attack on WhatsApp

Most new WhatsApp scams are still launched via phishing emails. The worker opens it, and next, an artificial intelligence-based agent pops up on a WhatsApp chat. Unlike the old cheap chatbots, this one sounds much like a genuine human and is listening to you, trying to obtain your employee ID or other sensitive data bit by bit.

Some individuals will see a dodgy email but may not realize the same thing is happening in a chat.

Threatcop‘s AI WhatsApp phishing simulation does the very same with existing employees and requirements to explore the vulnerabilities of organizations before a real attacker does.

Training is the Real Fix

The filters failed in both the Inox and Gujral instances. Both were trusted professionals who merely failed to verify messages with a second source before acting on them. 

This is a skill that can be learned. It is built regularly via phishing, smishing, and impersonation simulations as part of Threatcop’s Security Awareness Training. When paired with Threatcop’s Phishing Incident Response, employees are prepared to act before funds are transferred out of the account. 

Don’t Wait for It to Happen to Your Team

That trust is the key to WhatsApp scams, and in the moment, it is difficult to question it. It wasn’t that the Mumbai and Delhi organizations wanted more software; they wanted more staff trained to lift the phone before approving a transfer.

FAQs