Meta has rolled out enhanced security features on WhatsApp and Messenger aimed at reducing the risk of scams, particularly phishing and social engineering attacks that exploit user trust. On WhatsApp, a new warning triggers when users attempt to share their screen with unknown contacts during video calls, a tactic scammers use to capture sensitive information such as bank details or verification codes. Messenger users can enable a 'Scam detection' setting that scans incoming messages from unknown contacts for scam indicators using on-device AI, preserving end-to-end encryption except when users opt to send messages for AI review, which temporarily disables encryption for those messages. If a scam is detected, users receive educational information about common scam types, including fraudulent job offers, quick cash schemes, and work-from-home scams that are impossible to fulfill. Users are also given options to block or report suspicious accounts. Meta has actively disrupted large-scale scam operations, removing over 21,000 Facebook Pages impersonating customer support and nearly 8 million scam-related accounts on Facebook and Instagram. These scams often involve romance baiting or 'pig butchering,' where victims are emotionally manipulated into investing in fake cryptocurrency platforms, resulting in significant financial losses. The criminal networks behind these scams are primarily based in Southeast Asia and operate globally, including targeting European users. The psychological manipulation central to these scams lowers victims' defenses, making detection and prevention challenging. The new tools represent a proactive approach to user protection by combining technical warnings with user education and reporting mechanisms.

For European organizations and users, this threat poses significant risks primarily through social engineering and financial fraud. The widespread adoption of WhatsApp and Messenger across Europe means a large user base is potentially exposed to scams that can lead to financial loss, identity theft, and compromised personal information. Elderly and less tech-savvy populations are particularly vulnerable, which can have broader social and economic impacts. Organizations may face indirect consequences such as reputational damage if employees fall victim to scams that lead to data breaches or fraud. The disruption of scam operations by Meta reduces immediate risk but does not eliminate the threat, as attackers continuously evolve tactics. The psychological nature of the threat complicates detection and mitigation, requiring ongoing user awareness and vigilance. Additionally, the temporary disabling of end-to-end encryption during AI review of messages introduces a trade-off between security and privacy that users and organizations must consider. Overall, the impact is medium, with potential for significant financial and data confidentiality losses if scams succeed.

European organizations and users should take a multi-layered approach to mitigate this threat. First, users must be educated about the risks of sharing sensitive information during video calls and the dangers of screen sharing with unknown contacts. Organizations should encourage enabling the 'Scam detection' feature on Messenger and educate users on how to respond to scam warnings and report suspicious accounts promptly. Security awareness training should emphasize recognizing social engineering tactics, especially romance baiting and investment fraud schemes. IT teams should monitor for signs of compromised accounts and suspicious messaging activity within corporate environments. Collaboration with Meta’s reporting mechanisms can help in timely takedown of scam accounts. Additionally, organizations should implement policies restricting the use of personal messaging apps for sensitive communications and promote secure alternatives. Privacy considerations around AI message review should be clearly communicated to users to maintain trust. Finally, continuous monitoring of emerging scam trends and updating training materials accordingly will enhance resilience against evolving threats.