A scam is currently running with the purpose of harvesting contact numbers for WhatsApp by luring users with the much anticipated video calling feature from the messaging service.
WhatsApp has grown to serve at least 800 million users, according to a Facebook post from CEO Jan Koum in April, making it an appealing target for cybercriminals.
Spam and scam directed at users of this communication platform has increased proportionally with the popularity of the service, and now a new ruse is employed, as support for video calls has recently been implemented by the company.
Bogus messages displayed to increase confidence in the offer
Cybercriminals were quick to take advantage of the news and started to send messages claiming that the new capability can be activated by visiting a specific website (whatsappcalling[.]co).
The fraudulent page is still up and running at the moment of writing, and it contains simple and clear instructions on how the alleged feature can be turned on. To make the scam more credible, crooks have inserted fake messages from users that have already tried the new service, touting that it is better than Skype.
However, the end goal of the scammers is to collect the WhatsApp numbers, probably to create a database with targets for different malicious campaigns.
Scammy page instructs victim to invite more friends
Following the instructions on the page, the user is shown a fake verification process with bogus operations being displayed to increase trust. One of the steps is a bogus user verification that loads a page where the potential victim is asked to invite at least “10 active friends or 3 groups one by one.”
If the application is installed, another page is loaded, with a predefined text for inviting friends to benefit from the alleged WhatsApp video call feature. We noticed that, in some cases, there is a redirect to a localized online survey claiming to deliver the activation code for the feature upon completion.
The new capability is expected to become available this month and it will definitely be trumpeted all over the web; but until its release, users are advised to be cautious and refrain from clicking on links in messages from unknown sources.