How to spot phishing and WhatsApp scams

After Tory MP William Wragg says he was blackmailed into sharing his colleagues’ phone numbers, what are the best ways to avoid being scammed?

Phishing attacks can be highly sophisticated and arrive via WhatsApp and other messaging platforms (Getty)

Police have launched an inquiry into a highly-targeted phishing attack directed against several MPs over the course of 14 months.

The Metropolitan Police said on Friday it was assessing reports of a parliamentary honeytrap sexting scam after Conservative MP William Wragg reportedly said he was blackmailed into sharing his colleagues’ phone numbers for fear of intimate images of him being leaked.

The claims have shown that many people are exposed to scams as fraudsters become more sophisticated in their attacks. In some cases, successful criminals are stealing hundreds of thousands of pounds in just a single intrusion. On Thursday, Uswitch revealed that Brits lost on average £1,212 million to credit card fraud in 2022 and £422 million in the first three months of 2024 to fraudsters overall.

Yahoo News spoke to Javvad Malik, lead security awareness advocate at KnowBe4, on why the risks of such phishing attacks are growing, thanks to technologies such as generative AI, which enable criminals to launch attacks even if English is not their native language.

William Wragg has reportedly admitted sharing details of colleagues' phone numbers. (Photo by Jonathan Nicholson/NurPhoto)

The ‘spear-phishing’ attacks against MPs (where the attacks are tailored to a specific victim) were delivered via WhatsApp messages in what experts have suggested could be an attempt to compromise Parliament - and WhatsApp is increasingly used to target phishing victims.

Spear-phishing attacks are often directed against business people, but anyone can fall victim to phishing, with attackers growing ever more sophisticated and attacking via SMS (smishing), voicemail (vishing) and even AI-generated voice ‘clones’ of people.

Here are Malik’s tips on how to avoid falling victim to sophisticated phishing attacks. He also advises enabling two-factor authentication on all accounts to avoid criminals taking over social media, email and banking accounts.

Watch out for ‘urgent’ communications

Be particularly wary of messages that create a sense of urgency or pressure you to act within a short timeframe, Malik says.

Malik says: "Scammers often use this tactic to make you feel anxious and more likely to make a hasty decision. Remember, legitimate organisations will rarely ask you to take immediate action without proper verification."

Be wary on WhatsApp

Scammers are increasingly using this platform to target individuals, so it's crucial to apply the same level of scrutiny as you would with other forms of communication, Malik says.

Attackers on WhatsApp often pose as recruiters, or offer investment deals.

Malik says: "On WhatsApp, be cautious of messages that come from unknown contacts or that contain suspicious links or requests. In particular, do not share any codes that may appear on WhatsApp as these are often used to take control of WhatsApp accounts by criminals."

Javvad Malik, lead security awareness advocate at KnowBe4

Watch for the unexpected

Scammers often rely on the element of surprise to catch you off guard, hoping that you'll let your defences down.

Malik says: "If you receive a message from an unknown sender or a communication that you weren't anticipating, treat it with a healthy dose of scepticism.

"Another red flag to watch out for is when a message asks you to do something outside of your normal routine. This could include sharing confidential data, clicking on a suspicious link, downloading an unfamiliar attachment, or purchasing some gift cards. If the request seems unusual or makes you feel uncomfortable, it's best to err on the side of caution."

Listen to your instinct

If something looks off, it probably is, says Malik.

While scammers can craft very convincing attacks (with apps such as ChatGPT meaning that poor spelling and English are no longer a warning sign of phishing attacks), there are often warning signs.

"Always double-check the sender's email address or phone number," says Malik. "Scammers often use slightly altered or spoofed addresses to make their messages appear genuine.

"When it comes to links, hover over them with your cursor before clicking to see where they actually lead. If the destination seems suspicious or unrelated to the supposed sender, do not click on it. This applies to links in emails, SMS messages, and even those shared on WhatsApp."
