Cybersecurity agencies and security firms report a surge in sophisticated WhatsApp scams, including account takeovers via remote access, “task” job fraud, and fake verification codes. Criminals are increasingly using AI to generate multilingual phishing sites, targeting users globally to steal personal information, financial credentials, and full control of messaging accounts.
The “Task Scam” and Employment Fraud
A prevalent scam targeting job seekers involves promises of high-paying, remote work that requires little to no experience. The fraud begins with simple, low-effort tasks—such as liking social media posts or writing reviews on Google Maps—for which the victim is initially paid to build trust. Once the victim is confident, the perpetrators demand payments to “unlock” more lucrative missions.

“Lorsque la victime prend contact avec le supposé recruteur, il lui est proposé de réaliser quelques tâches simples comme « liker » des vidéos ou s’abonner à des comptes sur TikTok ou Instagram, faire des commentaires sur des commerces sur Google Maps, etc.”
Once victims can no longer afford the payments, they are often blocked or “fired” by the fake employer. Experts advise that if an employer requests payment to start a job, it is a definitive sign of an escroquerie
(scam).
Account Takeovers and Verification Code Theft
Criminals are actively exploiting the trust between contacts to hijack WhatsApp accounts. As reported by the Federal Office for Cybersecurity (OFCS), attackers often compromise one account and then message the user’s contacts posing as that person. They claim to have a locked phone and ask the recipient to forward a verification code received via SMS.
This code de vérification
is the key to the victim’s account. Once a user provides it, the attacker gains full control, allowing them to solicit money or further codes from other contacts. In some instances, attackers move beyond simple hijacking to financial fraud, tricking victims into making payments via services like Twint for fake voucher purchases. The OFCS notes that in specific reported cases, victims have lost over 1,800 francs.
AI-Driven Phishing and Remote Access Risks
The sophistication of these attacks is rising due to the integration of artificial intelligence. These sites often lure users with fake contests, such as voting for family members in gymnastics competitions.
“Grâce à l’IA et aux kits de phishing, les pirates produisent facilement des versions multilingues d’un même site – nous avons trouvé le même sondage en anglais, espagnol, allemand, turc, danois, bulgare et dans d’autres langues.”
Another dangerous tactic involves remote access. According to the Guardia Civil in Spain, scammers now use video calls to initiate fraud. The attacker presents an écran noir
(black screen) and offers to help the victim with a technical issue by enabling screen sharing. Once the victim shares their screen, the attacker captures verification codes sent to the device, effectively stealing the account.
Defensive Measures for WhatsApp Users
- Verify Requests: Never share codes received via SMS. If a contact makes an unusual request, attempt to reach them via a different channel—such as a direct voice call—to verify the situation.
Finally, users should remain skeptical of too good to be true offers, such as free products from major brands like Nike.
Find more reporting in our Technology section.
Worth a look
Discover more from Archyworldys
Subscribe to get the latest posts sent to your email.