Giveaway DM Takeover Scams on WhatsApp
WhatsApp messages claiming the recipient has won a prize require a verification step that either harvests personal data or tricks the victim into forwarding a code that surrenders account access.
Part of: Giveaway DM Takeover Scams
Last reviewed: 1 June 2026
WhatsApp giveaway scams leverage the platform's trusted and personal messaging environment to make fake prize notifications seem more credible than the equivalent email blast. Receiving a message on WhatsApp — especially from an apparently recognisable number or brand account — triggers a different level of trust than receiving the same message via email.
The scam can spread virally when compromised accounts or WhatsApp Business numbers are used to send giveaway messages to large contact lists, making recipients less likely to question the legitimacy of the apparent sender.
How this scam works on WhatsApp
A WhatsApp message arrives from an unknown number or a contact whose account has been compromised, announcing that the recipient has been selected as a winner for a competition run by a well-known brand. A link is provided to claim the prize, leading to a page that requests personal details for 'delivery verification'.
In the account takeover variant, the prize claim page asks the recipient to enter a code sent to their phone 'to confirm eligibility'. This code is WhatsApp's one-time registration code — entering it on the site or forwarding it to the sender grants the attacker control of the victim's WhatsApp account.
Branded variants use WhatsApp Business accounts set up with a consumer brand's name and logo to send mass giveaway notifications. Recipients who trust the brand name click through and enter personal details that are used for downstream fraud.
Common red flags
- WhatsApp message from an unknown number announcing a prize win for a competition you did not enter
- Prize claim link directing to a site that is not the brand's official domain
- Verification step requesting the code sent to your mobile phone to 'confirm your prize claim'
- Message from an apparently compromised contact announcing a giveaway with a link
- Request for home address, date of birth, or banking details to 'process delivery' of a prize
- WhatsApp Business account using a brand name but without verifiable contact details matching the real brand
How to protect yourself
- Treat all unexpected WhatsApp prize notifications as fraudulent until independently verified with the brand via official channels
- Never enter a code sent to your phone on any external website — this is always an account takeover attempt
- Block and report the sending number immediately using WhatsApp's in-app function
- Enable WhatsApp two-step verification to add an extra barrier against account takeover
- Check the prize claim directly on the brand's official website — genuine competition wins are usually verifiable there
- Warn contacts if their WhatsApp account appears to be compromised and sending prize messages
How to report it
- Report the number to WhatsApp using the in-app 'Report' function in the chat settings
- Report the fake brand promotion to the real brand through their official contact channels
- File a complaint with your national consumer protection authority if personal data was submitted
Frequently asked questions
How do brands run legitimate prize campaigns on WhatsApp?
Legitimate brand promotions on WhatsApp are announced through verified brand accounts and official websites simultaneously. They never require you to enter a code sent to your phone, and they direct prize winners to the brand's official site for claiming. If you can only access the giveaway through a link in a WhatsApp message with no matching public announcement, treat it as a scam.