The WhatsApp scams They have skyrocketed in 2025, becoming one of the most common types of digital fraud. With a database of over 3.000 million users With a global presence and a massive footprint in Spain and the rest of Europe, the app has become the perfect playground for cybercriminals, as shown in cases of WhatsApp accounts linked to scams.
According to various reports Check Point Software and other cybersecurity teams, criminals have perfected their tactics of social engineeringExploiting emotions such as fear, urgency, or blind trust in contacts and familiar brands, the objective is almost always the same: to steal money, personal data, or directly control of the WhatsApp account. Furthermore, in some technical cases, it has been detected that... malware that steals chats and passwords.
WhatsApp as one of the major vectors of digital fraud
During 2025, WhatsApp has established itself as a priority channel for online fraud.This is true both in Spain and in other European countries. In many cases, it's the starting point of the scam, and in others, it's the final step that criminals always try to steer the conversation toward. Furthermore, initiatives such as the New preview on WhatsApp They are trying to stop scams in chat rooms.
Experts explain that the trust environment generated by the app, combined with the immediacy of messages The feeling of closeness with family, friends, or brands makes users lower their guard. This mix of urgency and familiarity is the perfect breeding ground for increasingly sophisticated scams to thrive; that's why it's advisable to... Configure WhatsApp optimally.
In 2025, the detected campaigns share a very clear pattern: removing the user from more controlled environments (such as a bank's website or online banking platform) and move the conversation to WhatsApp, where it's easier to pressure them into making payments, sharing data, or providing verification codes. There are practical guides available for Avoid scams when sharing your screen which illustrate how many of these frauds end.
The "son in distress" scam: the classic that continues to be a hit
Among the latests Moravia's compositions Most common WhatsApp scams, the deception of the so-called “son in trouble” It remains one of the scams that claims the most victims. Despite having been circulating for years, it continues to work because it directly appeals to fear and the protective instinct of parents; the press has published warnings and guides to avoid falling in similar variants.
The scheme begins with a message from a Unknown number In this scam, someone pretends to be the victim's son or daughter, claiming they've lost their phone, are using a new one, or can't access their usual number. From there, the supposed relative asks for help. urgent helpalmost always in the form of an immediate transfer. If you suspect anything, follow the Steps to report scams before sending money.
These types of messages are usually presented as emergency situations: a medical problem, an accident, a debt due in a matter of hours, or any other excuse that generates emotional pressure and a sense of emergencyIn that state, many people react automatically, without checking if they are really talking to their child or a stranger; checking what personal data that you should not share It helps to prevent the situation from getting worse.
Cybersecurity teams emphasize that the key detail is that the scammer prevents the victim from stopping to think. That's why they recommend Always verify identity through another channel, such as a call to the supposed relative's usual number or contact with other relatives before sending money.
Ghost Pairing: The Silent Hijacking of Your Account
Among the most worrying techniques of 2025 is the so-called Ghost Pairing, also known as silent hijacking of WhatsApp accountsUnlike other scams, the main objective here is to gain technical control of the account without the user noticing at first glance. Cases like the wave of account hijackings They demonstrate the risk.
This technique allows attackers link the victim's WhatsApp account to another device without needing to steal the SIM card or know the phone's password. The trick is to convince the user to share the verification codes that the app itself sends to confirm access; there are similar methods to theft via voicemail.
Deception can come in different forms: messages that supposedly come from WhatsApp technical service, fake security alerts or even prior conversations in which the cybercriminal gains the victim's trust before asking for the code "to solve a problem".
Once the attacker enters that code into their own device, He takes control of the accountFrom there, they can read and send messages, impersonate the victim, and use their identity to... scam other contacts, multiplying the reach of the campaign.
Furthermore, some recent incidents have highlighted third-party tools for automating WhatsApp Web that, in reality, were hiding ClayRat, the spyware that masquerades as WhatsApp and malware capable of intercepting messages and credentials. These cases, primarily targeting developers and companies that integrate unofficial libraries, demonstrate the extent to which cybercriminals will seek any technical loophole to maintain persistent access to accounts.
Impersonation of official bodies and administrations
Another category of fraud that has grown significantly in 2025 is that of the impersonation of public bodiesIn Spain, one of the most frequently used hooks is the use of the name of the DGT or other administrations to send messages about fines, penalties, or pending procedures; this tactic is similar to Facebook phishing scams.
The modus operandi usually consists of a warning that arrives via SMS, email, or even social media, and that redirects the victim to a conversation on WhatsAppOnce there, the criminals send links to supposed official pages or ask for personal and banking information under the pretext of regularizing the situation.
In other variations, the message arrives directly via WhatsApp, with a very urgent tone: “You have an outstanding fine,” “Your vehicle will be impounded,” or “You will lose an administrative deadline if you don’t pay today.” This language pressures the user to access websites that mimic the design of institutional siteswhere credentials and cards are stolen.
Authorities remind everyone that official bodies They do not process payments or request verification codes through WhatsApp, and that any important communication is carried out through certified channels or through electronic headquarters with a digital certificate.
Impersonation of major brands and digital platforms
Along with the usurpation of administrations, there has also been a surge in Impersonation of large companies and online servicesWell-known e-commerce brands, operators, and platforms serve as bait for scams that seek to steal passwords, credit card numbers, or even control of WhatsApp accounts.
The messages usually warn of blocked orders, suspicious charges, or account access problemsFrom there, the user is invited to click on a link to "verify the information" or is offered the option to continue the process directly via WhatsApp to "speed up the procedure".
In reality, these links lead to fraudulent pages where the victim is asked to enter their login details, payment information, or confirmation codes. In some cases, the WhatsApp conversation allows the scammer to guide the person step by step, making them believe they are talking to a legitimate business. legitimate customer service.
The ultimate goal is usually twofold: on the one hand, steal credentials to access online shopping accounts or subscription services, and on the other hand, to capture the information necessary to take control of the WhatsApp account and continue the chain of frauds using the victim's identity.
Campaigns that start outside of WhatsApp and end in the app
One very clear trend in 2025 is that many scams will already be They don't start directly in WhatsAppbut on other seemingly innocuous platforms. From there, the criminals guide the victim to the messaging app, where they complete the deception with fewer controls and a greater sense of privacy. For example, they have detected fake job offers which end up diverting the conversation to WhatsApp.
Campaigns have been detected that use social networks like Facebook or TikTok These ads often offer bargains, gifts, raffles, or easy jobs. They frequently create professional-looking ads or posts that invite users to contact them via private message, ultimately leading the conversation to WhatsApp.
Cases have also been identified in which recourse is made to legitimate services in the educational fieldsuch as Google Classroom, to send fake invitations to courses or activities. These invitations lead to phishing pages or ask the user to confirm their participation by writing to a WhatsApp number, where the fraud is carried out more easily for the attacker.
Threat analysts emphasize that the pattern is repeated: the first contact is made in a trusted environment—a familiar social network or an academic platform—and then the victim is pushed to continue via WhatsApp, where the psychological pressure and informality of the channel They make it easier for you to end up sharing data or making payments.
Other forms of fraud related to WhatsApp
Although the most visible scams of 2025 revolve around impersonating family members, organizations, and brands, other threats linked to the app ecosystem have also been observed, especially when using unofficial tools or downloads from unreliable sources.
Recent investigations have uncovered software packages that masqueraded as legitimate libraries for automating WhatsApp Web, but in reality, They captured messages, files, and credentials. from the users or the developers who integrated them into their projects.
These types of attacks show that cybercriminals not only seek to deceive through messages, but also to exploit technical vulnerabilities and poor installation practicesFor example, when using modified versions of WhatsApp or third-party applications that promise "extra" features or eye-catching customizations.
In these scenarios, the risk goes beyond the individual user: if the malicious tool is integrated into company systems, it can expose contacts, conversations, and internal documents, greatly amplifying the impact of the incident.
Key recommendations to avoid WhatsApp scams
Faced with the rise in fraud, cybersecurity specialists insist that the best defense remains a mix of prevention, healthy skepticism, and common senseNo technical measure can replace calmly reviewing what you receive on your mobile phone.
The first rule is clear: be wary of any unexpected message This applies even if the sender asks for money, personal information, verification codes, or tries to redirect you to an unknown link. This also applies when the sender appears to be a family member, friend, or a known institution.
It is also essential Verify the sender's identity through an alternative channelIf someone claims to be your child from a new phone number, it's wise to call your usual number or speak with other family members before transferring a single euro. In the case of supposed official organizations or brands, it's best to look for their official contact channels online and verify the information.
Experts also remind us that you should never share the verification codes sent by WhatsApp, banks, or other servicesThese codes are the key to accessing your accounts, and no reputable company will ask for them via WhatsApp or text message.
Another essential measure is to periodically review the paired devices to your WhatsApp. From the app's settings menu, you can see which devices you have open sessions on and close any access you don't recognize. Take this opportunity to activate the two step verification It adds an extra layer of protection.
Recommended always keep the app updated And avoid installing mods, unofficial versions, or tools of dubious origin that promise miraculous features. In a context where messaging has become central to digital life, protecting your WhatsApp account and personal data has become as important as safeguarding your bank card or ID.
