Hi Marcos,

Yes—ERM can support the takedown effort, but with an important limitation: ERM cannot directly remove (“takedown”) a WhatsApp account. Only WhatsApp/Meta can disable an account. What ERM can do is run the evidence collection + reporting + escalation workflow on your behalf to maximize the chance of fast enforcement.

Below is the practical “how”, what we need from you, and what timelines usually look like.

1) How WhatsApp account removal works (what triggers enforcement)

WhatsApp’s primary enforcement path for impersonation is user reporting (often combined with blocking). When an account is reported, WhatsApp receives:

• the reported user/group ID,
• metadata (when messages were sent, message type), and
• the last five messages sent by the reported account,
  and the reported account is not notified. [faq.whatsapp.com]

This is why the fastest “takedown” path is normally: collect evidence → report in-app → (optional) escalate with additional documentation if needed. [faq.whatsapp.com]

2) Can ERM do the takedown? (Answer)

✅ What ERM can do

ERM can:

• Collect and preserve evidence (screenshots, numbers, message headers/metadata where available)
• Coordinate bulk reporting (e.g., instruct impacted staff/targets on the exact reporting steps so WhatsApp receives multiple independent reports)
• Submit structured reports and keep an internal case log (helpful if the impersonator reappears)
• Coordinate legal/brand documentation (if the impersonation involves a company brand, trademark, or fraud at scale)

❗ What ERM cannot do

ERM cannot “push a button” to remove a WhatsApp account. WhatsApp decides and executes the enforcement action based on its investigation signals, including reports. [faq.whatsapp.com]

3) The exact steps (What ERM will do / what you can do immediately)

A. Immediate action (recommended)

1. Open the chat with the impersonating account. [faq.whatsapp.com]
2. Use Report (and optionally block + delete chat). [faq.whatsapp.com]
   • On many devices: tap the menu (More) → Report. [faq.whatsapp.com]
3. Block the account to stop further contact. [faq.whatsapp.com]

WhatsApp explicitly supports reporting contacts and groups, and reporting can be initiated from within a chat. [faq.whatsapp.com]

B. Evidence ERM will capture (best practice)

ERM typically captures:

• Phone number used by the impersonator (in international format)
• Screenshots showing:
  • the profile name/photo
  • the phone number
  • impersonation claims (e.g., “I’m Marcos from X…”)
  • any payment requests / phishing links
• Dates/times of messages
• A short description of “who is being impersonated” and “who is being targeted”

This evidence aligns with what WhatsApp uses when accounts are reported (message samples + account identifiers). [faq.whatsapp.com]

C. Coordinated reporting (often increases success)

If multiple recipients received messages, ERM can instruct them to report the account from their own devices, which helps ensure WhatsApp receives multiple independent report signals (each report includes message samples and identifiers). [faq.whatsapp.com]

4) How long does it take?

What WhatsApp officially indicates (and what they don’t)

WhatsApp explains what data they receive when you report and how reporting works, but they do not publish a guaranteed enforcement SLA (e.g., “within X hours”). [faq.whatsapp.com]

Practical expectation (non-SLA guidance)

In real-world cases, outcomes vary depending on:

• number of reports received,
• the content of the last messages (clear impersonation/fraud vs. ambiguous),
• recurrence patterns (new numbers),
• whether there is brand/trademark misuse or broader scam activity.

Typical ranges organizations see are anywhere from same day to several days, but this is not guaranteed because WhatsApp controls the decision and timeline.

If you share your scenario details (below), I can recommend the fastest path and what to prioritize to reduce time-to-action.

5) What ERM needs from you to start (minimum intake)

Please provide:

1. Impersonating phone number(s) (include country code)
2. Screenshots of:
   • profile page (name + photo + number)
   • example messages showing impersonation
3. Who is being impersonated (person or company) and in what context
4. Impact (e.g., customers scammed, employees targeted, payment requested, reputational risk)
5. Whether you want ERM to also prepare:
   • a customer/staff warning message, and/or
   • a repeat-impersonation monitoring plan

6) Quick guidance to reduce risk while takedown is in progress

• Notify likely targets (employees/customers) that the number is fraudulent.
• If money was requested or sent, treat it as a potential fraud incident and start your internal incident process.

Two quick questions so I can tailor the exact ERM workflow:

1. Is the impersonation targeting you personally or a company/brand (e.g., pretending to be a support desk, executive, vendor)?
2. Are the attackers contacting internal staff, customers, or both?

If you paste the impersonating number(s) and one screenshot (redact any sensitive info), I can outline the quickest escalation playbook ERM should follow.