This phishing threat involves a multi-stage social engineering attack targeting WhatsApp users. Initially, attackers send personalized messages via social networks or messengers, often appearing to come from acquaintances, requesting votes for a contest. Victims are directed to convincingly crafted phishing websites that simulate legitimate voting polls, available in multiple languages, increasing their reach. Upon clicking 'Vote,' victims are prompted to enter their WhatsApp-associated phone number and then a one-time verification code generated by WhatsApp's device linking feature. The attackers use this code to link their device to the victim's WhatsApp account, gaining full access without needing the victim's password or two-factor authentication PIN. Once compromised, attackers can read conversations, impersonate the victim to defraud contacts, and spread the phishing campaign further. The attack leverages the inherent trust users place in social contacts and the convenience of WhatsApp's device linking process, exploiting users' inattentiveness to security warnings. No malware or advanced exploits are required, making the attack relatively easy to execute at scale. Kaspersky recommends avoiding suspicious links, enabling two-factor authentication, regularly reviewing linked devices, and using official app versions. Additional protections include phishing detection technologies and user education to recognize social engineering tactics.

For European organizations, this threat poses significant risks primarily through social engineering targeting employees' personal WhatsApp accounts, which are often used for informal business communications. Account takeover can lead to identity impersonation, unauthorized access to sensitive conversations, and propagation of phishing links within professional networks, potentially compromising corporate data indirectly. The attack can facilitate business email compromise-like scenarios via messenger platforms, leading to financial fraud or data leakage. Moreover, compromised accounts can be used to spread misinformation or malware links, increasing organizational exposure. Given WhatsApp's widespread adoption across Europe, especially in countries with high mobile messaging usage, the threat can affect both individuals and businesses, undermining trust in communication channels and causing reputational damage. The ease of exploitation and social engineering nature mean even security-aware users can be vulnerable, necessitating proactive organizational measures.

European organizations should implement targeted user awareness campaigns focusing on the risks of messenger phishing and social engineering, emphasizing skepticism towards unsolicited voting requests and links. Technical controls should include deployment of advanced phishing detection and URL filtering solutions capable of identifying and blocking fake voting sites and malicious links in messaging apps. Encourage employees to enable WhatsApp's two-factor authentication and regularly review linked devices to detect unauthorized access promptly. Organizations should establish policies discouraging the use of personal messaging apps for sensitive communications and promote secure alternatives with enterprise-grade protections. IT teams can monitor for unusual messaging patterns or reports of account compromises to respond swiftly. Additionally, integrating mobile threat defense solutions that provide multi-layered protection against phishing on mobile devices can reduce risk. Finally, ensure that employees only install official versions of messaging apps from trusted app stores and maintain updated devices to minimize vulnerabilities.