How the Whatsapp scam that affects the elderly and steals 5 thousand euros works

Listen to the audio version of the article

We immediately notify parents and relatives, especially if they are elderly. A Whatsapp scam is running that targets them and risks doing great, irreversible damage. to their checking accounts. It starts with a message from an unknown number. “Mom, I changed my number, memorize this”. Or: “I dropped my cell phone and I’m calling from a friend’s number”. And it ends with an instant transfer of 5 thousand euros, which the victim, recipient of the message, will lose forever. “The scam is now quite widespread,” explains Paolo Dal Checco, one of the best-known forensic engineers in Italy.

The story of the scam

Twitter user @WebMarkeThink explains that a few days ago they stole 5,000 euros from his mother and released screenshots of the scam. “She Unfortunately she was unable to recover them and in any case I didn’t have much hope”, he explains to us (his name is Rocco). The scam can come with different messages, but the underlying trick is the same. The criminal is posing as the son of the victim. He contacted her by sending automatic messages to mobile phone numbers in his possession (by now, due to the many data breaches that have occurred so far, all Italian mobile numbers are available to criminals, which can be used for scams via SMS or Whatsapp) .The criminal finds an excuse to use a different number than the real son’s (broken cell phone, empty or simple number change).Immediately he simulates an emergency: he needs money for an urgent problem. Not only that: he has lost access to the account and therefore asks to send the money to that of a friend. In the message he provides his name and Iban. He also asks to do it instantaneously, so the bank doesn’t have the time to reverse it.

What is the risk?

The figure is usually 5 thousand euros, the maximum limit. Of course, in order to fall for the victim, the victim must ignore various alarm signals, first of all the strange coincidence of two rare events, a new number and blocking of the account. If he calls the number to verify, the criminal pretends the line is jammed. Third signal that cries scam. Yet, many fall for it, especially the elderly and in particular because they are driven by the sense of urgency that the criminal conveys. “The transfer ends up in an account opened with false documents or – more probable – opened by a ‘money mule’, an involuntary accomplice”, explains Dal Checco. The “mule” is a user who, previously contacted by the criminals with e-mails sent in torrents, believes he is doing a simple job from home: when he receives money in his own account, he must transfer it to another account (controlled by the criminal, perhaps at abroad) or on the Western Union circuit. In both cases, the scammer can withdraw the money in cash, which then becomes untraceable. And non-refundable to the customer. The worst part of this scam is just that. Unlike others, where the criminals gain internet access to the customer’s account, there is no hope of recovering the money via the bank.Q

What will happen with the Ai

Moreover, this type of scam could become more insidious in the future, due to the evolution of artificial intelligence, as Bruce Schneier recently explained in an interview with the Economist. He is one of the best known cybersecurity experts in the world. Artificial intelligence would make it possible to answer the mother’s call with a fake audio, which reproduces the son’s voice. “Deepfake” audios, as they are called, are already almost indistinguishable from reality. It is also possible to make videos to deceive the victims, even if for now the final result is less credible than the audio. Of course, deepfakes are used for more targeted attacks (of the “CEO Fraud” type) than the raining Whatsapp messages that target the elderly. In fact, it is necessary to obtain biometric elements to be simulated with AI and context information to make the scam credible. The aim is to steal hundreds of thousands (or millions) of euros by posing as the CEO of the victim company or one of its suppliers and thus obtain a wire transfer. At the moment these scams take place “low tech”, via email, with a lot of social engineering. The advice to defend yourself, in all cases, is to contact the person asking to make a bank transfer or other high-risk action on a different channel (such as the dissemination of confidential documents, industrial secrets). This principle applies to both CEOs and elderly mothers.