• Fraud HQ
  • Posts
  • Is WhatsApp The King Of Scam Messages?

Is WhatsApp The King Of Scam Messages?

Author

Marc Evans
August 06, 2025

A Detective’s Perspective on Fraud and Scams

Suit Up Fraud Heroes!

Fraud isn’t slowing down, it’s accelerating. Scam messages are flooding our devices. Cryptocurrency is being weaponized by scammers. And data breaches are handing criminals the keys to our lives. It’s easier than ever for them to strike. That’s exactly why we must fight back. At Fraud HQ, we’re on a mission to expose the threats, share real insights, and educate as many people as possible on how fraud happens.

Hero Briefing

  • WhatsApp Deletes Nearly 7M accounts linked to scams

  • International Criminals Plead Guilty to $300K card skimmer scheme

  • Startup Sells Access to Stolen Info From Dark Web

  • Tea Dating Advice App Breached Twice

  • PayPal Pushes Deeper Into Crypto Payments

WhatsApp Deletes Nearly 7M accounts linked to scams

The Intel:

Meta has revealed that WhatsApp took down 6.8 million accounts linked to global scam operations in just the first half of 2025.

Many of these accounts were tied to organized crime groups operating scam centers in Southeast Asia, where forced labor is often used to run large-scale fraud operations.

The takedown came alongside new anti-scam features, including alerts when users are added to group chats by unknown contacts, a tactic often used in fake investment schemes.

Why it matters:

I have personally investigated cases where millions of dollars have been lost and they all started with a random, unsolicited message on WhatsApp.

Scammers are evolving and they’re not working alone. Large criminal networks are exploiting people and technology to run global fraud schemes across messaging apps, cryptocurrency platforms, and social media.

Some even use AI tools like ChatGPT and Gemini to script messages that sound legitimate.

Detective’s Insights:

  • Many scams start with a simple message, then escalate through WhatsApp or other encrypted apps.

  • Group chat scams often promote fake investments, pyramid schemes, or “like-and-earn” jobs that require upfront payment.

  • Criminals hijack accounts or create new ones with convincing profiles to target users at scale.

  • Scams frequently end with wire transfers to stolen accounts and crypto payments, making funds harder to trace or recover.

  • WhatsApp’s new features like alerts for unknown group invites and two-step verification can help, but users must activate them.

  • The scale of account takedowns shows the threat is widespread and growing, despite tech company efforts to fight back.

International Criminals Plead Guilty to $300K card skimmer scheme

The Intel:

Four foreign nationals pleaded guilty in federal court to operating a credit card skimming scheme that compromised over 15,000 cards across multiple states.

Between May 2023 and February 2024, the group installed skimming devices on ATMs and self-checkout machines, using stolen data to produce counterfeit cards and make fraudulent withdrawals.

More than $300,000 was stolen, including $117,000 from one Rhode Island credit union in a single day.

Why it matters:

Skimming may sound like an old scam, but it’s more dangerous and sophisticated than ever.

These devices are nearly invisible, quietly capturing card data from thousands of unsuspecting consumers.

The speed and scale of the fraud show how quickly criminals can drain accounts before victims or banks notice.

With suspects operating across borders and illegally in the U.S., this case highlights the need for stronger detection systems and cross-agency collaboration.

Detective’s Insights:

  • Skimmers were placed on high-traffic ATMs and retail self-checkouts, often without immediate detection.

  • Devices captured magnetic stripe data, chip information, and PINs, which were then used to clone cards.

  • Counterfeit cards were used quickly, draining multiple accounts in a matter of hours.

  • The group crossed state lines, making the fraud harder to detect and prosecute without federal coordination.

  • The use of access device-making equipment and trafficking charges points to a well-equipped and organized operation.

  • Skimming remains a top threat, especially at unattended terminals like gas pumps, ATMs, and self-checkouts.

Startup Sells Access to Stolen Info From Dark Web

The Intel:

A tech startup called Farnsworth Intelligence is selling access to personal data stolen by infostealer malware, claiming it’s all within legal bounds.

For as little as $50, users can search through logs harvested from over 50 million infected devices, containing everything from passwords and browser histories to crypto wallets and autofill data.

Although the company doesn’t deploy the malware itself, it openly advertises access to over 20 billion stolen records, updated monthly, with no consumer-level vetting in place.

Why it matters:

This isn’t just breach data, it’s live device-level intelligence, harvested from malware infections and sold like a subscription service.

Even if your data was never leaked in a traditional breach, a single malware infection could put your entire digital life on display to anyone with $50.

The risks are enormous: cyberstalkers, identity thieves, or criminals could misuse this data with ease. This case blurs the line between legal and ethical and puts pressure on regulators to act fast.

Detective’s Insights:

  • Infostealers grab everything from your device, including logins, browsing history, screen captures, and saved autofill data.

  • No background check is required for basic access, making it available to anyone including bad actors.

  • Monthly updates add 185 million new records, meaning data is fresh, active, and far more exploitable than old breach dumps.

  • Your autofill data like addresses, credit cards, logins is a goldmine for anyone accessing your infostealer profile.

  • Infostealers often infect devices through malicious links, pirated software, or fake plug-ins, and the victim rarely knows until it’s too late.

  • Even one infection can expose your entire online identity, making prevention your best defense.

Tea Dating Advice App Breached Twice

The Intel:

Popular app Tea Dating Advice, which claims to be a safe space for women to share experiences about men, has suffered two major data breaches in just days.

The first leaked over 72,000 user images, including 13,000 photo IDs used for verification.

The second, more serious breach, exposed over 1.1 million private messages, revealing deeply sensitive conversations about relationships, abuse, and personal decisions with many tied to identifiable users.

Why it matters:

This isn’t just another data breach—it’s a massive privacy failure affecting thousands of individuals.

The exposed messages contain unfiltered details about users’ lives, including names, social media profiles, phone numbers, and discussions of intimate or traumatic experiences.

The impact of this breach goes beyond stolen information. It could lead to stalking, harassment, and real-world harm to both the women and men.

For a platform built around trust and vulnerability, encryption and strong cybersecurity shouldn’t be optional. They’re non-negotiable.

Detective’s Insight:

  • Photo IDs like driver’s licenses give criminals everything they need to commit identity theft—full names, birthdates, addresses, and document numbers.

  • Selfies and account photos can be used to bypass facial recognition, or to create convincing deepfake videos for impersonation scams.

  • Private messages include names, contact info, and stories tied to real people, which scammers can use to build fake personas or manipulate victims.

  • Abusers or stalkers could use leaked messages to track or retaliate against users, especially if phone numbers or social accounts are linked.

  • Scammers can weaponize sensitive conversations (e.g., discussions about abortions or infidelity) for blackmail, sextortion, or emotional manipulation.

  • Men mentioned in the app, who have no access or recourse, could also become targets, as malicious actors extract context or fabricate narratives from partial information.

  • The leak creates dual-risk exposure: for users who posted the content and for the people they wrote about.

PayPal Pushes Deeper Into Crypto Payments

The Intel:

PayPal is pushing deeper into crypto payments, now allowing merchants to accept cryptocurrency at checkout using customer-connected crypto wallets.

Transactions will convert through exchanges like Coinbase or Uniswap into PayPal’s stablecoin (PYUSD), then settle in U.S. dollars.

Why it matters:

PayPal’s growing crypto integration signals a major shift toward blockchain-enabled commerce, but it also opens new doors for fraud, laundering, and chargeback confusion.

The use of decentralized wallets and real-time token conversions adds complexity that many small businesses may not fully understand.

And with stablecoins in the mix, law enforcement and compliance professionals will face greater challenges in tracing funds, verifying identities, and managing crypto-related consumer complaints.

Detective Insights:

  • Real-time token conversions (crypto → PYUSD → USD) introduce more touchpoints for manipulation or money laundering.

  • Decentralized exchanges offer minimal oversight, compared to centralized platforms like Coinbase.

  • Chargebacks and disputes in crypto are notoriously difficult, and most consumers don’t understand that crypto payments are final.

  • Fraudsters could exploit the system by connecting stolen or burner wallets to execute high-volume transactions.

  • Cross-border payments may help merchants, but could also invite jurisdictional loopholes for scams.

  • Small businesses will need education, or they’ll unknowingly expose themselves to risk by accepting crypto.

Fraud Prevention Tip of the Week

“This is your bank calling…” Or is it?

Scammers are posing as bank representatives to convince you there’s fraud on your account. They sound convincing. They may spoof your bank’s phone number. But their goal is to scare you into handing over control of your money.

Common Scam Tactics:

  • Caller ID Spoofing
    The call appears to be from your bank’s real number. The voice sounds professional—and may even know some of your personal info.

  • “Card Compromised” Trick
    They claim your debit card was used fraudulently. Then they pressure you to “secure” your account by giving up card numbers, PINs, or security codes.

  • Fake Courier Pickup
    Victims are told to cut up their debit card and hand it to a courier for “safekeeping”—who is actually working with the scammer.

  • Push-to-Transfer Tactics
    Some victims are instructed to transfer funds to a “safe account” (controlled by the criminal) or withdraw cash and deposit it into a Bitcoin ATM

How to Protect Yourself:

  • Hang up and call back
    Use the number on your debit card or bank website—never continue the same call.

  • Don’t share personal info
    Your bank will never ask for PINs, full card numbers, or login codes over the phone or text.

  • No “safe accounts”
    Real banks do not ask you to move money to protect it. That’s a classic scam move.

  • Be skeptical of couriers
    No bank will send someone to your house to pick up your card or cash.

Bottom line:
If something feels urgent or strange, PAUSE. THINK. VERIFY
Call your bank directly.
Don’t act on fear. Act on facts.

Report the scam to your bank and local law enforcement. It could prevent the next victim.

Fraud By the Numbers

Investment Scams continue to dominate the fraud landscape — and the numbers are staggering. These scams prey on trust, urgency, and the allure of high returns, often leaving victims financially and emotionally devastated.

Here’s what the latest data reveals:

  • Investment Scams were the #1 fraud type reported in the U.S.

  • Victims lost over $6.5 billion in 2024 alone

  • 47,919 official complaints were submitted

  • Victims aged 60 and over accounted for the highest losses