How WhatsApp’s Scam Alert Detects Fraud Without Reading Messages

WhatsApp is building a new warning system called Scam Alert that flags suspicious messages from senders not in a user’s contacts, with all of the detection running on the phone rather than on WhatsApp’s servers. The feature was first spotted in the WhatsApp beta for Android version 2.26.22.2 by feature tracker WABetaInfo, and it remains under development with no public release date, no beta rollout, and no published timeline from Meta.

Scam Alert is the first consumer-scale scam-warning feature on a major encrypted messenger to keep all of its analysis on the user’s device. That design is what lets WhatsApp preserve end-to-end encryption while still showing a banner inside the chat when a message from an unknown sender looks like a potential fraud attempt.

How Scam Alert Reads Messages Without Reading Them

The system inspects incoming messages from contacts the user has not saved in their address book and looks for patterns associated with common scam tactics. The check happens locally on the device, using detection logic that WABetaInfo describes as in-house, so the content of the message never leaves the phone for analysis. The user gets a warning inside the chat, and the rest of the conversation, including the encrypted message stream between sender and recipient, stays untouched.

The architecture mirrors the one WhatsApp already uses for voice transcripts, a feature that converts voice notes into text entirely on the device. WABetaInfo notes that both features rely on the same principle: the model runs locally, the user can opt in or out, and the encrypted message stream is preserved. Voice transcripts is the closest existing reference point for what running a sensitive model on a billion-user messenger without breaking encryption looks like in practice, and WABetaInfo points to the same in-house speech recognition stack as the technical foundation Scam Alert builds on. You can read the full WABetaInfo write-up in the first detailed report on WhatsApp Scam Alert.

What the Warning Looks Like in the Chat

When Scam Alert flags a message, the recipient sees a banner across the chat reading “This may be a scam”, and the banner confirms that the sender is not in their contacts. Below the warning sit two options: block and report the contact, or trust the chat and continue the conversation. WhatsApp does not block the sender, does not delete the message, and does not make any decision on the user’s behalf, and the contact sending the message cannot tell that the recipient has Scam Alert turned on.

The feature runs silently in the background and leaves no visible trace to the other party. WABetaInfo says local logs of when Scam Alert was triggered are also kept on the device, and are not shared with WhatsApp or Meta. If no suspicious messages are detected in a given period, the on-device report simply notes that no activity was logged. The full set of red flags WhatsApp already trains users to spot in suspicious chats is laid out in a guide to common WhatsApp scam categories and red flags.

This may be a scam

Why Running It on the Phone Matters

Three properties of the design do the privacy work. The detection logic runs locally, the encrypted message stream is never broken, and the transparency logs are stored on the device and are not transmitted to WhatsApp or Meta. WABetaInfo says the feature is “fully compatible with end-to-end encryption“, and the report attributes that compatibility to the on-device architecture rather than to any new server-side processing.

That architecture has a real cost in compute. On-device machine learning models are typically larger and more battery-hungry than the speech-to-text models that power voice transcripts, which can affect performance on mid-range Android phones. WABetaInfo has not disclosed what Android version floor the feature will require, and WhatsApp has not published any technical implementation detail beyond the privacy claim. The trade-off between local inference and end-to-end encryption is a broader design question the industry is only starting to grapple with, as laid out in an explainer on AI and end-to-end encryption trade-offs.

The Fraud Problem Driving the Build

The push comes against a wave of fraud that has hit WhatsApp users at scale. Meta said in early 2026 that it had taken down 6.8 million WhatsApp accounts linked to scam operations in the first half of 2025, many of them tied to organised scam centres in Southeast Asia. The US Federal Trade Commission, in a figure often cited in coverage of the crackdown, reported $2.7 billion in social media fraud losses between January 2021 and June 2023.

WhatsApp has layered other approaches on top of account bans. Meta said in 2026 it is rolling out warning prompts for users added to group chats by unknown contacts, and the platform is encouraging users to pause before responding to unfamiliar messages that try to move the conversation to other apps or payment platforms. Scam Alert is the next layer in that stack, and the first to put detection on the user’s device, a placement that lines up with WhatsApp’s broader push to keep sensitive inference off its servers, including a new set of WhatsApp’s new strict account settings for high-risk users aimed at people most exposed to state-grade spyware.

• Crypto-investment schemes that promise returns and require an upfront payment
• Pyramid-style task scams that pay small amounts first, then ask for larger transfers
• Impersonation of banks, government agencies, and delivery services from unknown numbers
• Group-chat adds by unknown contacts, often the first step in recruitment chains

What Scam Alert Will Not Catch

Several limits are baked into the design, not bugs to be fixed later. Scam Alert inspects only messages from unknown senders, so a scam that arrives from a contact the user has already saved will not trigger the warning. It only warns, and never blocks, never deletes, and never escalates to Meta without the user choosing to report. And because the feature is disabled by default, the majority of WhatsApp users will not have it on the day it ships, even after a stable release.

The opt-in default is itself a privacy choice. Users who do not want any message analysis, even local, can leave the feature off and continue with no detection at all. The reverse trade is that the on-device check only helps people who turn it on, and the users most often targeted by impersonation scams, including older and less tech-savvy users, are the ones most likely to leave it disabled.

Detection on-device also raises a question the company has not yet answered. WABetaInfo has not disclosed whether Scam Alert will inspect images, voice notes, and document attachments, or only text. Most of the scams removed in the 6.8 million-account crackdown involved redirection to other apps and payment platforms, tactics that often show up in plain text but can also be carried in links and media. A text-only check on unknown senders catches a slice of the wave, not the whole of it.

What Is Still Unclear Before Launch

Five questions hang over the build, and none of them are answered in the WABetaInfo report or in WhatsApp’s public materials. They are the questions that decide how useful Scam Alert will be in practice.

• Will the feature ship to iOS at the same time as Android, or will one platform get it first?
• Will the detection model work offline, or does it need a network connection to load?
• Will the warning trigger only on text, or also on image, voice, and document attachments?
• Will WhatsApp publish a transparency report covering aggregate Scam Alert detections, or will the on-device logs remain the only audit trail?
• Will Meta eventually add a server-side layer that catches scams already known to its safety teams, on top of the on-device check?

WABetaInfo says WhatsApp has not announced a release timeline, and the feature is expected to reach beta testers in a future update before rolling out to the stable app. Until those questions settle, the on-device check is best read as one tool in a larger anti-fraud stack, not the closing of it.

Frequently Asked Questions

What is WhatsApp Scam Alert and how does it work?

WhatsApp Scam Alert is an in-development feature that flags messages from senders not in a user’s contacts as potential scams. The detection runs entirely on the user’s phone, not on WhatsApp’s servers, and the feature shows a warning inside the chat rather than blocking the message.

Does Scam Alert break end-to-end encryption?

No. WABetaInfo reports that the analysis happens on the device, and the feature’s design is built to stay compatible with end-to-end encryption. Message contents are not sent to any server for the check to work.

Can Scam Alert block or delete messages on its own?

No. The feature only displays a warning inside the chat and gives the user a choice: block and report the contact, or trust the chat and continue. WhatsApp does not block, delete, or escalate on the user’s behalf.

Is Scam Alert enabled by default?

No. WABetaInfo reports that Scam Alert is optional and disabled by default. Users have to turn it on manually from the app settings before it starts checking unknown-sender messages.

When will WhatsApp Scam Alert be available?

WABetaInfo says there is no announced release date, and the feature is in development, not yet available to beta testers. Scam Alert is expected to reach beta testers in a future update before rolling out to the stable app.