Since WhatsApp announced the addition of its calling feature recently, it is no surprise to find others banking on this temporary craze to cash in on the unwary. Case in point:
Congratulations!! You have been invited to try Whatsapp Calling!According to our friends at Panda Labs, who first spotted and wrote about this type of scam, smartphone users can unknowingly end up on the above page after they receive an invitation from another WhatsApp user: Hey, i am inviting you to whatsapp calling click here to activate now --> [URL redacted].
Invite your 10 Active Whatsapp Friends to Activate Whatsapp Calling
* As soon as you click on "Invite Now", your whatsapp will open and you can send invitation to any of your friends
* You'll have to invite minimum 10 active friends one by one
* You can click on "Continue" after inviting 10 friends to activate voice calling on Whatsapp
Same technique, different website. For this particular campaign we found, the URL is www[dot]whatsappvoiceplus[dot]com. Expect the URL and messaging to be tweaked again in the future.
We tested this campaign on a browser, which made it much easier to simulate the act of sending messages to random recipients. Clicking "Invite Now" opens a new browser tab with the following message syntax on the address bar.
whatsapp://send?text=Hey, i am inviting you to whatsapp calling click here to activate now --> [URL redacted]The site counted that one opened tab as one message invite sent. This meant that opening nine more tabs would let us move forward to the next step. That is what we did:
Just one more step we promiseClicking "Take The Survey" loads up a survey page, which would either present a typical selection of survey questions, or give the WhatsApp fan a "not available in your region" message.
You might be aware that WhatsApp is rolling out this feature to only a few selected users as of now because of lack of resources Please help us by filling up a simple survey so that we can soon make this feature available for everyone
A similar spam campaign has been spotted targeting Arabic-speaking users:Malwarebytes Anti-Malware detects this particular file as PUP.Optional.MultiPlug.A.
A word of advice: Steer clear of all these and others like them.