Video Explores WhatsApp Security Flaws Amid Scam Ads

- A recent Union Home Ministry report identified WhatsApp as the primary platform for cyber fraud in India, with 43,797 complaints filed in the first quarter of 2024 alone. Common scams include investment schemes, digital arrests, and job frauds that often target vulnerable groups like unemployed youth and students. - Scams like "WhatsApp Pink" entice users to download a malicious APK file with the promise of a new pink-themed interface and additional features. This malware can lead to the complete loss of phone access and the theft of personal data, including financial information and contacts. - One prevalent tactic is the OTP (One-Time Password) hijack, where scammers, often posing as a friend or family member whose account has already been compromised, will ask the victim to forward a code "accidentally" sent to their number. Sharing this OTP gives the attacker full control of the user's WhatsApp account. - In response to rising misuse, WhatsApp has been proactively banning millions of Indian accounts monthly, utilizing AI-based detection and automated tools to identify suspicious activity in compliance with India's IT Rules, 2021. The number of accounts banned in India per month grew from over 2 million in July 2021 to over 9.7 million by February 2025. - For businesses, Meta is updating its WhatsApp Business API policy effective January 15, 2026, to prohibit the use of general-purpose AI chatbots from companies like OpenAI. The new rules aim to refocus the API on specific customer service functions rather than the distribution of broad AI technologies. - Indian regulations, such as the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Consumer Protection Act, 2019, require platforms to address user grievances and prevent misleading advertisements. These rules mandate mechanisms for content removal and the appointment of India-based compliance officers. - Businesses using the WhatsApp Business API must adhere to strict compliance policies, including obtaining explicit user opt-ins for messaging, ensuring data privacy, and accurately representing their business to avoid account restrictions or being offboarded. Violations of policies against spam, fraudulent activities, or illegal product sales can lead to immediate account termination. - The Indian Cyber Crime Coordination Centre (I4C) has partnered with tech platforms like Google and Meta to share intelligence and combat fraudulent activities, including the proliferation of illegal digital lending apps promoted through advertisements on social media.