WhatsApp ‘Do You Know This Person?’ Photo Scam Can Empty Your Bank Account — Here’s How To Stay Safe

Cybercriminals have devised a deceptive new method to compromise user data on WhatsApp, using a seemingly innocent question: “Do you know this person?” Paired with an image, this message may look harmless, but it can be a gateway to dangerous malware that could steal your personal and financial information in seconds.

The scam, currently circulating widely on WhatsApp, is raising alarms among cybersecurity experts for its use of a stealthy attack technique and its potential to access everything from passwords and OTPs to UPI credentials and banking logins.

How the image-based malware trap works

As reported by The Indian Express, at the heart of this scam is a technique called steganography, where malicious code is concealed within an image file. The attacker sends a message from an unknown number, showing a picture and asking, “Do you know this person?”

The user, out of curiosity or concern, may download or open the image, unknowingly activating the hidden malware. Once triggered, the malicious software can silently infiltrate the phone’s system, accessing sensitive information and potentially draining the victim’s bank account.

Red flags to watch out for

Cybersecurity experts are urging users to stay vigilant. The most important step? Don’t engage with unsolicited media from unknown contacts.

  • If you receive a message with a photo and a question from someone not in your contact list, avoid clicking on it.
  • The image may appear normal, but could be carrying dangerous code beneath the surface.
  • Don’t open suspicious photos. Be wary of photos from unknown numbers, even if they seem harmless.

Another tip is to ignore messages that promise gifts, offer job opportunities, or ask for personal verification details via chat.

Stay protected with these simple steps

To safeguard against such malware attacks, it’s important to keep your antivirus protection up to date. Update your antivirus software regularly to ensure you have the latest protection.

In addition, never share OTPs, banking credentials, or other personal data on WhatsApp — even with people you know. Cybercriminals often exploit trust and familiarity to extract sensitive details. Don’t share your banking information or OTPs on WhatsApp. Never share your banking details or OTPs through WhatsApp or any other unofficial channel.

As messaging apps become an increasingly common target for cyberattacks, users need to remain alert and cautious, because sometimes, all it takes is one click to put your digital life at risk.

technology