Whatsapp phishing is a form of internet fraud in which you receive false Whatsapp emails and / or Whatsapp messages. Whatsapp phishing is real, and you need to be aware of this. Whatsapp phishing attacks often aim to obtain personal information from their victims.
This is how whatsapp phishing attacks work
Criminals pretend to be someone that can win your trust or interest. Their goal is to find out your personal information so they can commit fraud. Phishing happens in several ways:
- Criminals ask you to click on a link in a fake email or text message.
- Criminals ask for your codes or personal information on the phone.
- A fake email has an attachment with malicious software (malware).
- A false letter, email or text message states that you must send credentials or user bound information
Whatsapp phishing example
The cybercriminal setup a domain like ‘whatsappgroup18[.]loginnow[.]gq’ and try to mimic the official layout of an environment which you trust. In the example below, they used the Whatsapp colours.

Once the cybercriminal has setup the Whatsapp phishing environment, it will continue to setup pages which will be used to obtain the information the cybercriminal is after. In this case, it is the Facebook email address and the Facebook password.

As you can see in the example above, once the user clicks on the ‘Join chat’ button, two new fields will appear.
In this case, the cybercriminal is pleased if the email address, phone number and the password is obtained.
Examples of Whatsapp phishing domains
The Whatsapp phishing domains which have been listed have been or are still serving malicious content. It is also for that reason, that we have added extra characters to the domains so that you cannot click on them by accident.
whatsappgroup18[.]loginnow[.]gq chat[.]whatsagp[.]com cht-whatsappz[.]zzux[.]com message-whatsapp[.]com m[.]whatsap[.]com whatsapp[.]wingifte[.]com
When you are asked to click on a Whatsapp link, it is extremely important to be extra vigilant. Think to yourself, “Who asks that and why?” In such a case, it is wise to always first check the source to see if it is correct.