WhatsApp scammers have reportedly designed a new technique to avoid the anti-spam safety checks that WhatsApp introduced on its platform over the past year. According to a Reddit post, user TheSilentShadow15 alleges that the new technique involves the spammer sending a ‘code’ of some unknown kind to a random individual, and then stating that it was sent by mistake. The spammer then allegedly asks the target user to send it back, and then proceeds to do the same with multiple other people. While the direct intentions or implication of this may not be clear immediately, it appears that this technique may be designed to avoid WhatsApp’s spam detection methods, therefore being potentially serious in nature.
The Facebook-owned messaging service have a number of ways through which they take on detecting spammers and getting rid of spam activities on the platform. One of the methods adopted by WhatsApp was tracing the activities of a user. Spammers on WhatsApp typically sent bulk messages without receiving responses, which was deemed as an indication that the user may be spreading spam links. Since WhatsApp’s end to end encryption in messages mean that it cannot read the texts, this became a reliable way to detect spammers or those spreading fake news and propaganda on the platform.
With the technique mentioned above, the spammers appear to be receiving replies from the target users, therefore appearing to host legitimate conversations and skipping the spam filter. This may make it significantly harder for WhatsApp to efficiently detect spams and any attached malware URLs that may come with such messages. The Reddit post claims that the technique is “spreading like wildfire”, and is mainly targeting people in Dubai, as well as other parts of the world. However, there is little clarity so far on how widespread this technique is.
Going forward, users of WhatsApp are urged to not respond to such messages, and instead report any received message that may suggest something similar as stated above. Users are also urged to not click on any link that an unidentified person may have sent in a message, since these links may often turn out to be spam, or contain harmful malware that may download itself in the background to steal personal data. It is not clear yet as to how widespread this technique is already, and users are urged to report it to WhatsApp the moment they come across it.