OTT Messaging Spoofing
Fraud conducted through over-the-top messaging apps such as WhatsApp, Telegram, or Signal where attackers impersonate known contacts or official accounts.
Also known as: WhatsApp spoofing, Telegram impersonation, Hi Mum scam, OTT account impersonation
Last reviewed: 10 June 2026
Over-the-top (OTT) messaging platforms operate over the internet rather than the phone network and include WhatsApp, Telegram, iMessage, and Signal. Fraudsters spoof or impersonate accounts on these platforms in several ways: creating accounts with the same profile picture and display name as a known contact, exploiting WhatsApp's business-account verification gaps to appear as a verified brand, compromising a contact's account and messaging their entire contact list, or buying accounts associated with recycled phone numbers.
Common OTT spoofing scams include the 'Hi Mum' (family emergency) scam where an attacker posing as a child claims their phone is broken and needs urgent money transfer, WhatsApp gift-card requests from apparently hijacked friend accounts, and Telegram impersonation of investment advisors or customer-service bots.
Consumers should verify unusual money requests over a separate channel before acting. Establish a verbal code word with close family for emergency scenarios. Enable two-step verification on WhatsApp and Telegram to prevent account hijacking. Be sceptical of any message that begins with an explanation of why the contact is using a different number or device.