Meta’s WhatsApp, an instant messenger (IM) for intimate communication with friends and family in its heyday, has become a breeding ground for spammers.
Not a day goes by without warnings from security experts that fraudsters are using purchased virtual numbers to initiate international calls and messages, fishing for confidential information, including bank account details from unsuspecting victims. The consistent spamming of WhatsApp feeds with unsolicited ads and suspicious messages and links raises serious cybersecurity concerns while also degrading the user experience.
To its credit, WhatsApp has been ramping up its efforts to curb problematic behavior on its platform. Case in point, the IM banned over 7 million accounts in India in a single month in late 2023 for various Terms of Service violations.
However, the most significant piece of action came in the form of Meta disallowing VOIP numbers from registering and using the WhatsApp Business App.
It’s official; Meta doesn’t want you using WhatsApp Business on a VOIP number
WhatsApp has made it clear through an official FAQ section on its website that VOIP numbers are unsupported, meaning that even if your business has one operational now, it could be banned in the future.
The action is likely to prevent the misuse of VOIP by unscrupulous marketers for spamming or even malicious individuals, like hackers who find the technology quite useful, owing to the:
- Ability to modify or hide the caller ID and telephone numbers, making it challenging to identify the location or person behind the spamming
- Ability to impersonate reputable individuals / organizations or people known to the target by modifying the caller ID and call location
- Ability to spam thousands of users with a single internet connection due to the low cost and possibility of utilizing multiple virtual numbers from a single network/ device
Given these capabilities of VOIP systems, there is rampant abuse of the technology by spammers, especially ones masquerading as businesses that cause a lot of pain for WhatsApp users in the form of:
- Bulk / frequently forwarded messages that are unsolicited and from people or business accounts that they are unaware of
- Repeated spam calls or messages from unknown numbers, often appearing to be sent from an international location
- Phishing messages that appear to arrive from a legitimate source that may lead to the loss of critical user information
- Sharing of suspicious links that may infect the user’s system with malware
- Malicious actors sending spam that appear to be texts for password recovery, OTP verification, login requests, etc.
- An unrelenting stream of spam messages from brands for promotional deals, new launches, etc.
Navigating VOIP challenges in a compliant manner
While WhatsApp explicitly states that VOIP numbers aren’t supported, these virtual digits are still preferred by many businesses for their convenience.
It is quite likely that the numbers will be banned if the system detects that it is not a real number or if it gets consistently reported.
However, if businesses still choose to embrace VOIP technology for their telephony, it is highly recommended that you follow these best practices:
- Choosing a secure VOIP vendor
If your business is in a regulated industry, it is crucial to ensure your VOIP provider has the right accreditations and compliance capabilities.
Ideally, check for SOC 2 Compliance / Service Organization Control (SOC) certification, Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), etc., compliance depending on the industry.
Notably, the provider must have in place measures, including TLS and SRTP call encryption to ensure that your VOIP connection isn’t hijacked or misused.
- Implementing multi-factor authentication, firewalls, and powerful encryption
It is crucial to enable multi-factor authentication for all the users in your business network who have access to virtual numbers and VOIP technology for sales outreach or any other purpose, including internal communication via platforms, such as WhatsApp.
Other than that, employing firewalls and encryption for the VOIP transmission and ensuring these measures are up-to-date always are mission-critical for organizations to combat vulnerabilities.
- WhatsApp recordkeeping
WhatsApp text archiving can go a long way in mitigating several of the major challenges with using VOIP numbers. With a solution, like TeleMessage, compliance teams can closely monitor employee use of platforms, including WhatsApp, WeChat, Telegram, and Signal and rein in spam or unwanted messages sent to prospects and clients.
WhatsApp capture using an archiving solution also solves the issue of employees being able to share non-compliant messages by masking their identity via VOIP. This could potentially save companies from billion-dollar penalties, like the WhatsApp fines handed to financial giants by the US Securities and Exchange Commission and the Commodity Futures Trading Commission because their employees were escaping recordkeeping requirements by using non-approved apps.
Conclusion
Undoubtedly, the fight against spammers on WhatsApp is going to be a long fought one, with major causalities in terms of Business account bans due to VOIP use. Alongside Meta, users also have to take the initiative to report spammy messages from unknown callers or texters.
For companies and their compliance teams, it is more important than ever to secure their VOIP network it at all they use it because a vulnerable network can lead to the impersonation of your business, your customers getting malicious messages, and the company ultimately losing its hard-earned trust among its users. Even more critically, companies must make it a priority to undertake WhatsApp text archiving of their employee conversations whether it happens over a real number or a virtual one to stay compliant with industry regulations and have a single source of truth in case the VOIP accounts are compromised or misused and lead to litigation.
An archiver like TeleMessage can in real-time make digital copies of the messages and calls with all the relevant context, including date, time, phone numbers involved in sending or receiving the communication, etc. The solution can further auto-flag problematic conversations happening over the network based on pre-set keywords, safeguarding your customers and prospects from spam that could get your employee account banned.
To get the ball rolling on the journey towards comprehensive WhatsApp compliance, contact us for a demo/ consultation.
About TeleMessage
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
