Scammers are rife, as usual, this time they've been spotted buying up spaces on Google search ads, in order to masquerade as a frankly pretty legit-looking version of WhatsApp web.
The link to the fake WhatsApp site was found at the top of Google, meaning the people behind it must have invested a great sum of money into getting the malicious link where it could be seen, as TechNave reports (via NLT).
From the images, the forged site is appears as a near identical copy of the official WhatsApp web application, the only discernible difference being the URL:
What is up com.com… really? I mean, maybe without my glasses on I'd have been fooled, or with a big old hangover. Still the site itself is highly convincing, and even shows up with a fake QR code to scan which would instantly fire over your login details to the offending party.
Apparently there are a few things the hackers may have overlooked, however, that could give vulnerable people a chance to double take before they hand their details over.
First off, there's no way to switch the language to anything but Simplified Chinese—a bit of a giveaway as WhatsApp is available in many languages. Secondly, and most strangely, since WhatsApp has been blocked in China since 2017 the majority of people who can actually read the site haven't been able to access WhatsApp for years without bypassing the block.
Thinking about it, these may seem like oversights to us, but may well be tactics the hackers have chosen to run with on purpose. Maybe there's still a great deal of search for WhatsApp in China. Or perhaps the hackers see themselves as "Villain Killers," targeting those who would bypass the rule of the Chinese government for the vile act of using free, secure messaging services.
However these hackers see themselves, Google is onto them, having thankfully removed the ads. No one appears to have shut the fake WhatsApp site down yet, however, so stay vigilant if anyone invites you to WhatsApp via a dodgy looking link.
As ever, it pays to be vigilant of any link online; this isn't the first time that Google has been advertising a scam site at the top of its search results. Earlier in the year EVGA, ex-graphics card manufacturer and peripheral maker, was the subject of a similar scam, with a site pretending to be EVGA's popping into the top spot via a paid-for ad.
The fake EVGA site has long since been removed, but we suspect it tricked a few during its time.