Overview

• Bitdefender says the ongoing campaign has deployed 177 fraudulent domains and 554 unique URLs, targeting thousands of users over the past two months.
• Messages appear to come from a contact asking for a vote and direct users to a fake site that requests a phone number and the WhatsApp verification code.
• Supplying the code lets attackers register the number, lock the owner out, and use the hijacked account to solicit money or personal details from contacts.
• Researchers report most activity in Germany, Poland and Romania, with warnings that the UK could be targeted next.
• Guidance includes never sharing verification codes, verifying money requests by phone, reporting suspicious messages in-app, requesting a new code if compromised, contacting WhatsApp support, alerting banks after transfers, and notifying contacts.