There are currently scams circulating on WhatsApp that can be very dangerous for you. Users receive seemingly harmless messages—usually from unknown numbers without unique names—and these messages contain nothing more than a photo and a question like “Is that you?” or “Do you know this person?”
This is a clear attempt to get you to download and open the attached image. On WhatsApp, you first need to allow images to be downloaded, and this is what scammers are trying to achieve.
This file is not actually a photo of you or someone you know, but rather it is being manipulated to deliver malware and open the door to hacking your smartphone, tablet or PC. Fraudsters can then gain access to your personal data and even use it for blackmail.
How does the image upload scam work?
Fraudsters are exploiting a vulnerability in WhatsApp that allows them to insert altered images or videos that are not recognized by the application. They can access the analysis process through a file preview that is created when the image is uploaded, and this process breaks the files into smaller packages needed to process the messages.
If code fragments containing malware are injected during this process, fraudsters can use the malware to gain access to target devices. You don't see any of this because these processes are running in the background while you open the image.
What does this mean to you? Not only could your WhatsApp account be stolen, but your data on the device could also be intercepted and stolen. You should be careful about who you trust on WhatsApp.
How to avoid becoming a victim of this scam
Whenever you receive unwanted messages, always pay close attention to who is sending the message and why. Unknown numbers often hide scammers who send messages to random people and hope that someone will be careless enough to fall for their tricks. It's best to block them.
Also, never open images or other files unless you are 100% sure what they contain, unless you 100% trust whoever is sending them to you, and if you think they Really I want you to open them for some reason.
To be more secure, you should disable automatic media downloads, which you can do by going to Settings > Storage & data.. Under Automatic media downloadDeselect all file types by unchecking the boxes (even if your Wi-Fi connection is active).
Last but not least, always install the latest WhatsApp updates. This eliminates known security vulnerabilities, reducing the chance that a scammer can use them to trick you. It is currently unknown when WhatsApp will release an update that fixes this specific vulnerability.
Further reading: WhatsApp will soon ban AI chatbots like ChatGPT
