WhatsApp Phishing Campaigns Exploiting Online Voting Pretexts
A sophisticated phishing campaign has been targeting WhatsApp users globally by leveraging fake online voting pages as a social engineering lure. Attackers initiate contact through personalized messages, often impersonating friends or relatives whose accounts have already been compromised, and ask recipients to vote for a contestant in a fabricated competition. The phishing messages are distributed via WhatsApp groups, private chats, and other social networks, increasing their reach and credibility.
Victims are directed to convincingly designed phishing websites that mimic legitimate voting polls, complete with real participant photos, vote buttons, and dynamic counters to enhance authenticity. These phishing sites are produced in multiple languages, including English, Spanish, German, Turkish, Danish, and Bulgarian, indicating a broad, international scope and the likely use of AI-driven phishing kits. Upon clicking the vote button, users are prompted to provide sensitive information, which can lead to account compromise and further propagation of the scam through hijacked accounts.
The campaign demonstrates a shift in phishing tactics from traditional email-based attacks to mobile-first platforms such as WhatsApp, SMS, and other messaging services. This trend is corroborated by industry data showing that 41% of phishing incidents now employ multichannel approaches, including smishing, vishing, and quishing. The move to mobile platforms makes these attacks harder to detect and prevent, as they exploit the trust and immediacy associated with personal messaging apps. Security experts warn that these mobile phishing campaigns are more likely to succeed due to their personalized nature and the difficulty users face in distinguishing legitimate requests from fraudulent ones.
In response, organizations are adopting AI-driven security solutions that analyze message content and intent in real time to identify and block social engineering attempts before users are compromised. The ongoing evolution of phishing tactics underscores the need for heightened user awareness, robust mobile security measures, and continuous monitoring of emerging threats targeting messaging platforms. Enterprises are advised to educate employees about the risks of unsolicited voting requests and to implement technical controls that can detect and mitigate phishing attempts across all communication channels. The widespread nature of this campaign highlights the importance of a multi-layered defense strategy that addresses both technological and human vulnerabilities. As attackers continue to innovate, proactive threat intelligence and adaptive security solutions remain critical to protecting users from account takeover and data theft. The incident serves as a reminder that social engineering remains a potent tool for cybercriminals, especially when combined with convincing pretexts and advanced phishing infrastructure. Organizations and individuals alike must remain vigilant against evolving phishing schemes that exploit trust and social connections on mobile platforms.
Timeline
Oct 2, 2025
Reports highlight WhatsApp 'online voting' phishing lure
Security coverage described a phishing scheme spreading via WhatsApp messages that impersonate online voting or contest campaigns to trick users into clicking malicious links and surrendering data or account access. The references frame this as part of a broader shift of phishing activity from email toward mobile messaging platforms.
Feb 27, 2025
Researchers identify Russian-linked WhatsApp hijacking campaign in Romania
Researchers documented a WhatsApp hijacking campaign targeting Romanian users with fake voting or prize-contest messages sent from compromised contacts. The operation used malicious sites to trick victims into linking their WhatsApp accounts to attacker-controlled devices, and infrastructure clues such as Russian-language settings and VK references suggested a Russian origin.
Related Stories

Global WhatsApp Account Hijacking Campaign via Social Engineering
A rapidly expanding WhatsApp account hijacking campaign, dubbed HackOnChat by CTM360, is targeting users worldwide through a network of deceptive authentication portals and impersonation pages. Attackers exploit WhatsApp's web interface and use social engineering tactics, such as fake security alerts and spoofed group-invite messages, to trick users into compromising their accounts. The campaign leverages thousands of malicious URLs hosted on inexpensive domains, with a surge in activity noted across the Middle East and Asia. Once an account is compromised, attackers use it to target the victim's contacts for further scams, data theft, and extortion, often propagating the attack chain through phishing messages sent from the hijacked account. Research from UC San Diego highlights the broader social engineering strategies employed by scammers, including the use of long, trust-building conversations that often transition to WhatsApp as the preferred platform for executing fraud. The study found that scammers typically delay financial requests until after extensive interaction, using personal conversation and subtle verification techniques to build credibility. These findings underscore the effectiveness of WhatsApp as a tool for scammers and the sophistication of their methods in orchestrating account takeovers and subsequent fraudulent activities.
1 month ago
Phishing Scams Exploiting Common Apps and Meta's Countermeasures
Cybercriminals have increasingly weaponized common applications such as email, messaging platforms, and social media to conduct sophisticated phishing scams targeting users worldwide. Attackers frequently use seemingly innocuous PDF attachments in emails, which are crafted to appear as official documents from trusted brands like Microsoft, DocuSign, or PayPal. These emails often employ urgent subject lines to create a sense of immediacy, prompting recipients to open the attachments. The PDFs themselves are professionally styled and contain official logos, further enhancing their credibility. Victims are typically instructed to call a customer service number, where they are met by impersonators who attempt to extract sensitive information or trick them into installing malware. In addition to email-based attacks, cybercriminals are leveraging vishing techniques, using phone calls—including those made via messaging apps like WhatsApp—to deceive users into revealing confidential data. These calls often originate from foreign numbers and use automated voices to increase the likelihood of success. Recognizing the growing threat, Meta has introduced new security tools for WhatsApp and Messenger to help users identify and avoid scams. On WhatsApp, users now receive warnings when attempting to share their screen with unknown contacts during video calls, reducing the risk of inadvertently disclosing sensitive information. Messenger users can enable a 'Scam detection' feature, which alerts them to suspicious messages from unknown senders and offers the option to submit messages for AI review. If a scam is detected, users are provided with educational information about common scam tactics and options to block or report the sender. Meta has also taken significant action against scam operations, removing over 21,000 Facebook Pages and accounts impersonating customer support representatives. 
Furthermore, the company has disrupted nearly 8 million accounts linked to criminal scam centers operating from countries such as Myanmar, Laos, Cambodia, the UAE, and the Philippines. These scam centers target individuals globally through various platforms, including messaging, dating apps, and cryptocurrency services. The scams often involve romance baiting and fraudulent job offers, exploiting users' trust and financial vulnerability. Meta's efforts underscore the scale and sophistication of modern phishing campaigns and the necessity for ongoing vigilance and technological defenses. Users are advised to remain cautious when interacting with unsolicited communications, especially those requesting sensitive information or urgent action. The combination of technical countermeasures and user education is critical in mitigating the risks posed by these evolving phishing threats. Organizations and individuals alike must stay informed about the latest tactics used by cybercriminals and adopt best practices to safeguard their information. The ongoing battle between attackers and defenders highlights the dynamic nature of the cybersecurity landscape and the importance of proactive security measures.
1 month ago
Social Engineering Scams Exploiting Mobile Device Features to Steal Credentials and Funds
Cybercriminals are increasingly leveraging built-in features of popular mobile platforms to execute sophisticated social engineering scams aimed at stealing sensitive credentials and financial assets. On WhatsApp, scammers exploit the screen-sharing function by impersonating trusted entities such as bank employees or support agents, coercing victims into sharing their screens under the pretense of resolving urgent security issues. This access enables attackers to view and capture one-time passwords (OTPs), banking details, and other personal information, resulting in significant financial losses. In response, Meta has introduced AI-powered safety tools, including real-time warnings when users attempt to share their screens with unknown contacts, to mitigate these attacks. Similarly, iPhone users are being targeted through phishing campaigns that exploit the "Find My" feature. After a device is lost or stolen, scammers send convincing fake messages—purportedly from Apple Support—containing links that claim to help locate the missing phone. By leveraging accurate device details and the victim's sense of urgency, attackers trick users into divulging their Apple ID credentials, potentially granting full access to personal data and accounts. Authorities such as Switzerland’s National Cyber Security Centre have issued warnings about these tactics, emphasizing the need for heightened vigilance when responding to unsolicited messages related to lost devices.
1 month ago