Clickable links also enabled people to lose control of their WhatsApp accounts. The message was legit but the request was not. If they had sent a code, the attacker would have to convince people to give it to them. With the link, a lot of users assumed they needed to click to keep using Whatsapp. Not sure what Facebook was thinking but it was a pretty bad move.