Jamaica is experiencing an alarming surge in WhatsApp-related cyberattacks. With over 34 million cyberattack attempts recorded in the first half of 2025 alone, according to Fortinet’s Global Threat Landscape report, the Jamaica Cyber Incident Response Team (CIRT) has issued urgent warnings about sophisticated scams targeting users across the Caribbean.

Jamaica’s vulnerability stems from deep digital connectivity. With over three million daily Internet connections, more than 70 per cent accessed via mobile devices, WhatsApp has become a prime target for cybercriminals and careless online behaviour creates easy entry points for attackers.

In September 2025, Cybersecurity and Infrastructure Security Agency (CISA) added WhatsApp vulnerability CVE-2025-55177 to its Known Exploited Vulnerabilities catalog. This critical zero-day flaw affects WhatsApp’s linked device feature, allowing attackers to manipulate synchronisation messages and deliver malicious content without user interaction.

Impersonation Scams: Scammers pose as family members claiming to have new phone numbers, creating urgency around fake emergencies requiring immediate money transfers. The RSS specifically warns Caribbean residents about these “Hi Mom/Hi Dad” scams.

Verification Code Theft: Attackers impersonate WhatsApp support requesting SMS verification codes. Sharing this code grants complete account access, locking you out and exposing your contacts.

Account Hijacking: Cybercriminals use call forwarding tricks to intercept verification codes and hijack accounts, then impersonate victims to scam their contacts.

Fake Job Offers: Scammers promise lucrative positions requiring upfront fees or personal details, targeting job seekers with professional-looking schemes.

Romance Scams: Attackers build relationships over extended periods before requesting money or sensitive information, exploiting emotional connections.

Prize Scams: Unsolicited messages claim you’ve won prizes or offer ‘ WhatsApp Gold’ upgrades. Clicking links downloads malware or leads to phishing sites.

How to Protect Yourself

Enable Two-Step Verification Immediately: This is your primary defence. Go to
WhatsApp Settings > Account > Two-step verification and create a six-digit PIN. Never share this PIN with anyone claiming to be from WhatsApp — they will never ask for it.

Update WhatsApp Regularly: Install the latest version from official app stores only. Enable automatic updates to receive critical security patches. WhatsApp versions prior to v2.25.21.73 (iOS), v2.25.21.78 (Business/Mac), and 2.2450.6 (Windows) contain serious vulnerabilities.

Verify Every Unusual Request: If someone claims to be a family member from a new number, call their known number directly. Establish a family “safe word” for emergencies. Never respond to urgent requests for money without independent verification.

Never Share Verification Codes: Anyone requesting these codes is attempting account theft. Block and report them immediately.

Control Privacy Settings: Adjust Settings > Privacy to control who sees your profile photo, last seen status, and other information. Review linked devices regularly (Settings > Linked Devices) and remove unrecognised ones.

Avoid Suspicious Links: Never click links from unknown senders. Verify links through alternative communication methods before clicking.

Use Secure Networks: Avoid WhatsApp on public Wi-Fi without a VPN. Use mobile data for sensitive conversations. Keep your device’s operating system updated.

If You Get Compromised

Immediate Actions: Stop all communication with the scammer. Block and report them through WhatsApp (long-press message > Report). Alert your contacts using alternative communication methods. Document everything with screenshots.

Regain Account Access: Try recovering through your phone number. Use the ‘Lost/Stolen Phone’ option if locked out. Contact WhatsApp support through official channels only.

Report to Authorities: Contact CIRT Jamaica at jamaica.cirt@opm.gov.jm or call (876) 920-4439 / (876) 578-5705. File a police report at your local station. Report to the Jamaica Constabulary Force Cybercrime Unit.

Secure Your Devices: Run malware scans, review app permissions, and change passwords for linked accounts. Monitor financial accounts for unauthorised transactions and contact your bank if you shared financial information.

As emphasised during National Cybersecurity Awareness Month 2025 (theme: ‘Secure Today – Smarter Tomorrow’), cybersecurity is everyone’s responsibility. Think before acting on urgent requests. Verify independently using separate communication channels. Educate family, friends, and colleagues about these threats. Stay informed through CIRT Jamaica and RSS alerts.

Remember: legitimate organisations never ask for verification codes, pressure immediate action, or request sensitive information through WhatsApp messages. When in doubt, verify through official channels.

Jamaica’s digital transformation under Vision 2030 requires parallel commitment to cybersecurity. The CIRT Division is working toward becoming a national cyber authority, but individual vigilance remains the first line of defence. By implementing these security measures and fostering cyber awareness, you can significantly reduce your risk and help protect Jamaica’s digital future.

— Trevor Forrest is chairman and CEO of Lignum Security Limited, a provider of cyber-security solutions and consulting services. Email:trevorforrest@lignumsecurity.com