Thousands Tricked by New, Highly Convincing WhatsApp Scam

A seemingly harmless request from a friend asking for a little help… and suddenly, your WhatsApp account vanishes. This new scam exploits the trust between friends to hijack accounts via WhatsApp Web.

“Can you vote for my niece? She’s in a competition!”

The link looks innocent, the request friendly. Yet, clicking on it could cost you dearly: many users are currently losing their WhatsApp accounts due to a new phishing campaign identified by Kaspersky. Behind this seemingly benign message lies a well-orchestrated scam that exploits the connection via WhatsApp Web, affecting both iPhone and Mac users.

How the Hackers Operate

The attack leverages trust and sophisticated psychological manipulation. The message doesn’t actually come from your friend: their WhatsApp account has already been compromised, and it’s the hackers who are contacting you.

When you click on the link, you land on a fake voting website that’s perfectly replicated: photos, voting counter, and even a “Vote” button.
To “confirm your identity”, the page asks you to enter your WhatsApp phone number.

This is where it all happens:
The crooks trigger the generation of a one-time verification code, the same one used to log into WhatsApp Web. The fake site displays this code and prompts you to enter it in your WhatsApp app.

By doing so, you give the hackers complete access to your account, as if they were logged in from your computer.

Once inside, they can:

  • Read and send messages to your contacts,
  • Delete conversations,
  • And most importantly, spread the fraudulent link to snare more victims.

Once the account is compromised, it becomes very difficult to recover without prompt intervention from WhatsApp.

How to Avoid Getting Trapped

Here are some good practices to keep your WhatsApp account safe:

  • Never participate in online contests or votes that require logging in via instant messaging.
  • Do not click on suspicious links, even if sent by people you know: their account might be compromised.
  • Activate two-factor authentication in your WhatsApp settings. It adds a six-digit PIN for any new logins, although the attack described above can bypass this mechanism.
  • Use passkeys rather than passwords where possible. WhatsApp now supports these.
  • Protect your mobile device with security software: secure browsing blocks malicious URLs before they open.
  • Regularly check the list of connected devices on WhatsApp. Disconnect any suspicious devices.
  • Only download the official versions of WhatsApp (App Store, Google Play) and avoid unofficial desktop versions.

5 Tips Against WhatsApp Phishing

  1. Never share your WhatsApp code, even with a close friend.
  2. Enable two-step verification in the settings.
  3. Avoid clicking on links for contests or voting.
  4. Check connected devices.
  5. Alert your contacts if your account is compromised.
