What's up with this "Please add me on WhatsApp" robocall spam?

https://shkspr.mobi/blog/2025/05/whats-up-with-this-please-add-me-on-whatsapp-robocall-spam/

Over the last few weeks, I've received several calls which all have the same modus operandi. A disembodied robotic voice tries to get me to connect on WhatsApp.

Some of the voices are reasonable facsimiles of human voices (like the above) and some are just garbage.

Download this audio file.

The voice clip plays and the call immediately terminates.

What I can't understand is how this can possibly be effective from the scammers' point of view. On receiving the call the victim must…

1. Decided to answer from an unknown number.
2. Listen to the message and decide it is legitimate.
3. Go the their phone's dialler app.
4. Copy the caller's phone number.
5. Open WhatsApp.
   • Install WhatsApp if they don't have it already
6. Create a new contact - giving a name - and pasting the number.
7. Engage with the contact.

That's a lot of effort based on… what? A vague offer? There's a little bit of a curiosity gap but not much. It's hardly "add me on WhatsApp or we'll release the photos we have of you" or "you've won the lottery, add me on WhatsApp to get the funds", or "This is the CEO of your company, urgently add me…".

I guess that if a spammer is able to send out thousands of these messages then they might be able to attract a couple of people to engage with them. There's no easy way to report a spam account to WhatsApp unless you've engaged with it.

I also assume that WhatsApp will see that you were the person who initiated WhatsApp contact - which makes them less likely to think the scammer is the problem.

I am just fascinated to see if this scam can possibly be effective. Generating fake voices is free, as is placing short calls. WhatsApp accounts are also free and easy to automate. But are there really that many people willing to go to the effort of adding a new contact based on so little information?

Obviously, all spam is a numbers game. If the message reaches someone receptive to a robocall, they're less likely to query the scam. And, yes, I know that you're a very clever boy and don't answer unknown numbers - but in the real world people get calls from hospitals, recruiters, and friends with new numbers.

If you're a spammer and have found this approach effective - please leave a comment!

Eat, Sleep, Scam, Repeat?

Losing your life savings to a crypto scam is devastating — but for many victims, the nightmare doesn’t end there.

While recently investigating a network of fake cryptocurrency exchanges, we uncovered something even more twisted: a cluster of scam websites posing as law firms offering 'crypto recovery' services.

Yep, the very same scammers who stole the funds are now posing as lawyers, pretending to help victims recover what they lost… for a fee, of course.

Preying on victim hope and desperation, these scammers have been known to:

- Contact victims directly using details obtained during the original scam
- Advertise openly on social media
- Lurk in public forums, targeting those seeking help from the community

Using a mix of lookalike sites impersonating legit legal firms and entirely fake entities, often with stolen names and photos of legitimate legal professionals, here are some recent examples of what we've encountered:

- Posing as 'Adam & Shawn Law Group'
- adamshawnllp[.]com
- adamshawnlaw[.]com
- Posing as 'Jefferson Caldwell International Law Firm'
- jeffersoncaldwelllawgroup[.]com
- Posing as 'Schlueter & Associates'
- schlueterlawfirm[.]it[.]com
- Posing as 'Zojz & Associates Legal Group'
- zojz[.]com
- zojz[.]cc

Not only do these domains share registration characteristics with fake crypto exchanges, but we've also observed site structures, content and design elements across fake law firms, crypto exchanges and task scam sites.

Aside from avoiding the initial scams, be cautious of any 'law firm' that:

- Sends unsolicited emails or DMs offering crypto recovery help
- Has a website with no verifiable legal credentials
- Pressures you to pay fees upfront, especially to a third-party entity or via crypto
- Uses vague or generic testimonials

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam