Avoid scams on WhatsApp: how to identify cloning and keep your messages safe

The cloning of WhatsApp accounts has become a growing concern for millions of users in Brazil, where the application is used by around 147 million people, according to recent data. Digital criminals use techniques such as social engineering, phishing and SIM swapping to access accounts, often sending fraudulent messages to contacts to ask for money or personal data. Recent cases, such as those involving mayors in Espírito Santo and public figures, expose the vulnerability of even experienced users. With the increase in these practices, digital security experts reinforce the importance of preventive measures to protect conversations and avoid losses. New data protection legislation and police actions have sought to curb these crimes, but the responsibility to protect themselves also falls on users, who need to be alert for signs of intrusion.

Skimming attacks often start with attempts to trick the user into sharing verification codes sent via SMS. These codes, made up of six digits, are the key to registering an account on another device. Once access is gained, the scammer can view messages, contacts and groups, in addition to impersonating the victim. In many cases, friends and family receive transfer requests via Pix, which makes the scam even more convincing. The popularity of WhatsApp in Brazil, combined with its use for personal and professional communication, makes the application a constant target for criminals.

The authorities have intensified efforts to combat these scams, with police stations specializing in cybercrime recording thousands of incidents annually. In 2024, Brazil saw a 20% increase in WhatsApp cloning reports compared to the previous year,especially in states like São Paulo, Rio de Janeiro and Minas Gerais. The ease of access to hacking tools and the lack of knowledge about digital security on the part of some users worsen the scenario, but simple measures can significantly reduce the risks.

• Signs that your account may be compromised:
  • Receiving unsolicited verification codes.
  • Messages marked as read without your interaction.
  • Contacts reporting money requests in your name.
  • Login notifications on unknown devices.

How scammers operate

Criminals who clone WhatsApp accounts use a combination of techniques to deceive their victims. Social engineering, for example, is one of the most common strategies, in which the scammer pretends to be an acquaintance, company or institution to extract information. Messages such as “You won a prize, click here” or “Confirm your registration with this code” are often used to trick the user into sharing sensitive data. These messages can arrive via SMS, email or even WhatsApp itself, many timestimes accompanied by malicious links.

Another widely used technique is SIM swap, in which the criminal convinces the telephone operator to transfer the victim’s number to a new chip. With control of the number, the scammer can access WhatsApp and other linked accounts. This method requires greater planning, but has been reported in high-profile cases such as public officials and celebrities. Additionally, spy apps, installed without the user’s knowledge, can monitor activities and capture data, including verification codes.

The losses caused by these scams go beyond financial. Invasion of privacy, with access to personal and professional conversations, can cause embarrassment and even compromise the security of third parties. In a recent case in Apucarana, Paraná, the Municipal Civil Guard number was cloned, and fraudulent messages were sent to citizens, demonstrating that even public institutions are vulnerable. The sophistication of attacks requires users to always be one step ahead by adopting robust security practices.

Preventive measures to protect your account

Adopting security measures on WhatsApp is essential to avoid account cloning. Two-step verification, available in app settings, adds an extra layer of protection by requiring a user-created six-digit PIN. This feature prevents scammers from accessing the account even if they obtain the verification code sent via SMS. Activating this functionality is simple and can be done in a few minutes, but many users are still unaware of its existence.

AlFurthermore, keeping the application updated is crucial to correct vulnerabilities that can be exploited by criminals. Outdated versions of WhatsApp are more susceptible to attacks, especially on Android devices, which represent the majority of smartphones in Brazil. Another recommendation is to avoid using public Wi-Fi networks, which can be manipulated to intercept data. Users should also be wary of unexpected messages, even if they appear to come from known contacts, and never share verification codes.

Companies have an important role in educating their employees about these risks, especially in sectors that use WhatsApp for corporate communication. Regular training on digital security and clear policies for using the application can reduce the incidence of scams. In 2024, large organizations began implementing monitoring systems to detect suspicious activity on corporate accounts, a practice that is expected to expand in the coming years.

• Tips for protecting your WhatsApp account:
  • Enable two-step verification immediately.
  • Never share verification codes received via SMS.
  • Avoid clicking on suspicious links or downloading unknown files.
  • Restrict who can see your profile photo and status.

What to do if your account is cloned

Discovering that your WhatsApp account has been cloned requires quick action for mecause damage. The first step is to try to access the app with your phone number and request a new verification code. This can disconnect the scammer, as WhatsApp only allows one active session per number. If access is denied, the user must contact WhatsApp support via email, providing the cloned number and describing what happened. The support team may temporarily suspend the account until the situation is resolved.

Warning friends, family and colleagues about the scam is another essential measure. Scammers often send messages asking for money or sensitive information, and alerting contacts can prevent them from falling for the scam. Filing a police report at a police station, especially in units specializing in cyber crimes, is also recommended, as it helps authorities track down those responsible and gather evidence for investigations.

Recovering lost conversations depends on automatic backups previously configured on Google Drive or iCloud. Users who activated this feature before the scam can restore their messages by reinstalling the app. However, backups not protected by end-to-end encryption can be accessed by criminals, which reinforces the importance of changing cloud service passwords after an incident. By 2024, about 30% of reported cloning cases involved attempts to access backups, according to expert estimates.

Impacts of cloning on everyday life

Cloning a WhatsApp account can have devastating consequences, especially for those who use the application for professional purposes. Small entrepreneurs, who depend on WhatsApp Business for salesand customer service, are frequent targets. Losing account access can interrupt trading, damage brand reputation and cause financial losses. In 2024, Brazil recorded a 15% increase in complaints from small businesses affected by scams on WhatsApp, with losses estimated at millions of reais.

In addition to the financial impact, cloning compromises users’ trust in the application. Many people limit the sharing of personal information or avoid using WhatsApp for important transactions, which affects its functionality as a communication tool. Meta, the company responsible for WhatsApp, has invested in awareness campaigns and security improvements, but the speed at which scammers adapt their techniques continues to challenge efforts.

Society also feels the indirect effects of these crimes. The increase in digital scams overloads police stations and judicial courts, which need to deal with an increasing volume of complaints. In cities such as São Paulo and Rio de Janeiro, units specializing in cybercrime report that WhatsApp cloning represents around 25% of registered incidents, surpassing other types of online fraud. This scenario requires greater collaboration between government, companies and citizens to create a safer digital environment.

• How to recover your account after cloning:
  • Request a new verification code to disconnect the scammer.
  • Contact WhatsApp support via email.
  • Change passwords for cloud services such as Google Drive and iCloud.
  • Register a tickettime to document the case.

Role of legislation and authorities

The General Data Protection Law (LGPD), in force since 2020, has been an important instrument in combating account cloning on WhatsApp. Companies that fail to protect their customers’ data can face significant fines, which encourages investment in security. Additionally, the LGPD requires victims of leaks or intrusions to be notified, allowing for quick action to mitigate damage. In the context of WhatsApp, the legislation reinforces the importance of protecting information such as phone numbers and messages.

Law enforcement authorities have also intensified operations against gangs specializing in cybercrime. In 2024, the São Paulo Civil Police dismantled a network responsible for thousands of clonings, seizing equipment and identifying leaders of the scheme. Actions like this show that combating digital scams requires coordinated efforts, but prevention remains the best strategy for users.

Digital education is another fundamental pillar. Schools, companies and community organizations have promoted courses and lectures to teach good online security practices. These initiatives are especially important in regions with less access to technology, where users may be more vulnerable to scams. The expectation is that, with greater awareness, the number of cloning cases will decrease in the coming years.

Schedule of actions for digital security

Securing your WhatsApp account requires ongoing action, and many measures can be implemented immediately. A basic schedule helps organize these practices, ensuring users stay on top of their security.

• Steps to secure your account:
  • January to March: Enable two-step verification and set up encrypted backups.
  • April to June: Review privacy settings such as photo visibility and status.
  • July to September: Update the app and check connected devices regularly.
  • October to December: Attend training or lectures on digital security.

Perspectives for the future of security on WhatsApp

The increase in account cloning reflects the challenges of an increasingly connected world. As WhatsApp expands its features, such as digital payments and integration with artificial intelligence, security becomes even more critical. Meta has announced improvements such as automatic alerts for suspicious activity and advanced encryption options, but user responsibility remains essential.

Collaboration between companies, governments and society will be crucial to reducing scams. In Brazil, where WhatsApp is practically an extension of everyday life, awareness initiatives have gained strength. National campaigns, supported by telephone operators and defense agenciesconsumers, are helping to disseminate information about how to avoid fraud.

Users also play an active role in this process. Sharing security tips with friends and family, reporting suspicious messages and keeping devices protected are attitudes that strengthen collective security. With the advancement of technology, the expectation is that new tools will make WhatsApp even more secure, but constant vigilance will continue to be the best defense against scammers.

• Benefits of adopting security measures:
  • Reduced risk of cloning and financial scams.
  • Protection of personal and professional data.
  • Greater confidence in using WhatsApp for communication.
  • Contribution to a safer digital environment.