The Scam of the Needy Child: Why WhatsApp is a Prime Target for Cyber Attacks

In Spain, a well-known scam known as the “needy child” continues to circulate on mobile phones, preying on the vulnerability of parents. Beyond monetary gain, attackers aim to hijack WhatsApp accounts, exploiting its status as the world’s most popular messaging application. According to a study by cybersecurity company Kaspersky, WhatsApp accounts for nearly 90% of all cyber attacks.

Why WhatsApp?

WhatsApp serves as an ideal target for cyber attacks due to its widespread usage and the credibility associated with its users’ contact lists. Fernando Suárez, President of the General Council of Colleges of Computer Engineering, explains that gaining access to a WhatsApp account provides attackers with a credible gateway to the victim’s network of friends, family, and colleagues. This credibility can be leveraged to request money, personal data, or even photos for potential extortion.

The Needy Child Scam

The “needy child” scam often involves soliciting money from parents under the guise of an emergency situation involving their child. Attackers exploit the trust between family members, using compromised WhatsApp accounts to request immediate financial assistance. This technique, commonly facilitated through Bizum, PayPal, or bank transfers, relies on the victim’s willingness to believe the urgent plea for help.

Methods of Attack

To execute the attack, cybercriminals must first gain control of the victim’s WhatsApp account. While they may obtain the victim’s phone number from sources like the dark web or online forums, accessing the account requires a verification code sent via SMS. Once the victim receives this code, attackers impersonate a trusted contact, claiming to have mistakenly entered the victim’s phone number and requesting the code. If the victim unwittingly provides both the code and any additional security information, the attackers seize control of the account.

Protecting Your Account

Combatting such attacks requires vigilance and proactive measures:

1. Exercise Caution:

Remain wary of messages requesting personal information or containing suspicious links, even if they appear to be from known contacts. Verify the sender’s identity through alternative means, such as a phone call, before responding.

2. Verify Requests:

If contacted by a purported friend or family member soliciting assistance, verify the authenticity of the communication through another channel before taking any action.

3. Enable Two-Step Verification:

Utilize WhatsApp’s two-step verification feature (found in Settings > Account > Two-step Verification) to add an extra layer of security. This involves creating a six-digit PIN and optionally linking an email address for recovery purposes.

4. Use Antimalware Software:

Consider employing antivirus software on your mobile device to detect and mitigate potential threats. Keep both WhatsApp and your device’s operating system up to date to address any known vulnerabilities.


WhatsApp’s widespread adoption makes it an attractive target for cybercriminals seeking to exploit the trust and credibility inherent in its user base. By employing social engineering tactics and exploiting vulnerabilities, attackers can gain unauthorized access to accounts, posing significant risks to users’ financial and personal security. However, by remaining vigilant and implementing recommended security measures, individuals can better protect themselves from falling victim to such scams and safeguard their digital identities.