Over the past few days, WhatsApp’s Click to Chat feature came under scrutiny for an alleged privacy breach. Indian security researcher Athul Jayaram recently highlighted that multiple ‘Click to Chat’ WhatsApp URLs are being indexed on search engines, and that may potentially allow anyone to look up these links and contact people. While Jayaram stated that close to 300,000 user-generated WhatsApp Click to Chat links were indexed on Google, a WhatsApp spokesperson’s statement has since confirmed that the issue has been resolved, and no such user URLs are indexed in the public domain any longer.
However, a few key things are important to be noted here. To begin with, getting hold of an individual’s phone number in today’s world is not particularly difficult, even without mistakenly indexed WhatsApp URLs. As a result, the actual problem in this situation is that of spammers who try to leverage popularly used tools to reach more users, than privacy. In fact, it is something that isn’t WhatsApp’s fault, either.
The spam threat
Case in point is how the feature works. With Click to Chat, all that a user needs to do is key in a person’s phone number on the WhatsApp URL, in order to message him/her. In effect, it bypasses the one small step of having to save a person’s phone number before contacting via WhatsApp, and that leads to the possibility of spammers using it to target a wider base of users.
Spammers are known to procure phone number lists and target users with calls and messages related to phishing, identity theft, password theft and more. With a steadily expanding base of users in India, WhatsApp would make for a lucrative ground for spammers too.
How WhatsApp takes on spammers
However, WhatsApp’s anti-spam initiatives taken over the past one year make the platform less than ideal for spammers to efficiently monetise their targets. To begin with, WhatsApp allows businesses to label their official WhatsApp accounts as verified or business accounts, which differentiate them from individual numbers that claim to represent companies. If you see a message on WhatsApp that claims to be from a bank representative but without any verified link to the bank, it is prudent to not trust it and immediately contact your banking relationship manager.
Furthermore, WhatsApp allows users to restrict people who can see their profile photos and status updates, thereby limiting the scope of identity threat from the platform. It also uses its proprietary AI algorithm to scan for new numbers that register on the platform and start sending bulk messages to many users, without receiving any responses. A senior WhatsApp official confirmed to News18 that over 2 million such accounts are blocked on a monthly basis. This further makes it less than ideal for a spammer to use WhatsApp as a targeting platform.
How you can keep yourself safe
As a user, the primary safeguard that you can take is to refrain from sharing a clickable contact link on public domain, such as social media platforms. This can go a long way from preventing random spammers from sending you messages on WhatsApp, even if you cannot control anyone getting hold of your number from bulk calling lists.
You are also urged to refrain from clicking on any links that are sent to you from unknown profiles, and block and report them if you see any such messages in your WhatsApp inbox. A proactive approach to raising red flags to questionable messages can go a long way in keeping your WhatsApp safe from spammers.
While WhatsApp’s Click to Chat link is a powerful tool for businesses, you as a personal user would only be urged to use it when you have a specific need for it. You can also ensure that your WhatsApp privacy settings are adjusted to not allowing anyone to directly add you to groups, and that you would be sent a group invite link before being added. This further lets you steer clear of spammers or unknown advances.