WHATSAPP WEB OF DECEPTION
Loading article...
The communication usually starts with a greeting like ‘Blessings, how are you? I hope you’re doing great. Please, can you do me a favour?’ or perhaps, ‘Good afternoon. How are you doing? Please, I need you to do me a favour’.
Behind the seemingly innocent WhatsApp messages from trusted friends and relatives are brazen cybercriminals exploiting one of the most powerful tools at their disposal: trust.
After compromising a user’s WhatsApp account, scammers impersonate the victim and begin messaging people in the person’s contact list, relying on the familiarity of a known name and profile picture to lower their guard.
What starts as a casual conversation quickly turns into a request for money.
In one exchange obtained by The Gleaner, the person controlling a compromised WhatsApp account asked a trusted contact to send US$820 (J$129,000) via Zelle, claiming to be experiencing problems with a bank account and promising to repay the money the following day.
“I wanted to ask if you could help me Zelle $820 to someone. I am having issues with my account. I will send back to you by tomorrow once I rectify my account,” the message read.
When the recipient attempted to verify the request by placing a voice call, the call went unanswered.
Instead, the sender responded by text, saying, “Can’t talk now. Call me later,” before adding, “I’m on a Zoom conference meeting, just give me a text.”
The exchange illustrates how cybercriminals attempt to keep conversations confined to text messages while creating a sense of urgency in an effort to persuade victims to transfer money before realising that the WhatsApp account has been compromised.
The Gleaner has spoken with several people in ‘the web’ whose WhatsApp accounts were compromised in recent days, exposing scores of their contacts to the same scam in what one victim (Victim A) described as a “web of deception” as the fraud spread from one trusted account to another.
Victim A said he realised that his own account had been compromised after responding to a message from someone he believed to be a trusted contact.
Before long, he said, messages were being sent from his account to people throughout his contact list.
“It’s like a web of deception,” said the man, who is in his 40s, explaining that once one account is compromised, cybercriminals begin targeting everyone connected to that individual.
He told The Gleaner that he was going to report the matter to the Cross Roads police station and urged victims to report the incidents to both the police and the Jamaica Cyber Incident Response Team (JaCIRT), warning that the scam is too widespread to ignore.
“I am concerned because I did a transaction recently, and I am waiting on rebate, and I don’t want it to get tied into this. My accounts are connected to my phone. I called Digicel and they said I have to wait seven days to see if the WhatsApp can be restored or I will have to change my SIM card ... . The number is still available to me, but the WhatsApp is compromised,” he said.
Another victim (Victim B), who is in his 60s, said he only discovered something was wrong after his phone began ringing constantly with calls from worried friends and relatives.
“A lot of people are calling me right now,” he said, explaining that contacts wanted to know why he was sending unusual WhatsApp messages requesting favours.
Instead of responding to ordinary conversations, he spent much of yesterday reassuring people that he had not sent the messages and that his WhatsApp account had been taken over.
“I don’t know why he (Victim A) sent me that message,” the older victim said, seemingly perturbed over getting caught up in the scam simply because he responded to a message sent from Victim A, who he knows as a community friend.
“I tried to use another SIM card in the phone, and I am still locked out. It is telling me that they are trying to verify if I am the correct person,” Victim B told The Gleaner.
The experiences of both victims highlight how quickly the scam can spread once criminals gain access to a single account.
Unlike conventional phishing attacks that target random individuals, compromised WhatsApp accounts, give scammers direct access to a victim’s personal network.
The potential reach of the scam is significant.
Jamaica had approximately 3.06 million active mobile connections at the start of 2025, equivalent to more than 100 per cent of the population, reflecting the fact that many people use more than one SIM card.
The country’s mobile market is dominated by Digicel and Flow, and with WhatsApp among the most widely used messaging platforms for personal and business communication, cybersecurity experts warn that a single compromised account can expose dozens, if not hundreds, of trusted contacts to fraudulent requests for money.
Every friend, relative, colleague, and business associate stored in the contact list becomes a potential target, with each successful compromise creating another pathway through which the fraud can spread.
The Gleaner also contacted three divisional commanders, two of whom said they had heard of similar incidents in recent days but had not yet received formal reports from complainants.
Godphey Sterling, director of the Jamaica Cyber Incident Response Team, said the agency has not seen any recent upticks of WhatsApp account hijackings but would examine the information brought to its attention by The Gleaner.
“We will do a deeper dive,” Sterling said.
“Outside of that, we will put out a general advisory, but there has been no increase in the reports to us in recent times.”
He encouraged members of the public to report incidents to the JaCIRT, noting that reports help the agency build a clearer understanding of emerging cyber threats and determine whether additional public warnings are necessary.
Sterling also said that the safeguards outlined in the JaCIRT’s previous advisory in December 2024 remained relevant.
“There has not been that much of a shift with respect to WhatsApp in terms of a technology upgrade,” he said.
“Those safeguards, if they’re followed, and persons are judicious and cautious … they should act as an immediate sort of shoring up of their security against the WhatsApp hijacking.”
The JaCIRT has previously warned that cybercriminals frequently use phishing and social-engineering techniques to compromise WhatsApp accounts before impersonating victims to solicit money from their contacts.
The agency advises users to enable two-step verification, never share their verification codes, review linked devices regularly, and independently verify unexpected requests for money even if they appear to come from someone they know.
For victims, however, the greatest damage extends beyond the temporary loss of a messaging account.
Once trust has been weaponised, every person saved in a victim’s contact list becomes a potential target.