A rapidly growing scam targeting WhatsApp users has emerged as one of the most dangerous social-engineering threats across global messaging platforms. Cybersecurity experts are warning that criminals are exploiting WhatsApp’s screen-sharing feature introduced in 2023 — to trick victims into revealing highly sensitive financial and personal data.
Reports of the scam have surfaced across the United Kingdom, India, Hong Kong, and Brazil, highlighting its worldwide reach. In one high-profile case in Hong Kong, a victim was deceived into sharing their screen, enabling fraudsters to siphon off HK$5.5 million (US$700,000).
Unlike malware-driven cyberattacks, this scheme relies almost entirely on human manipulation making it exceptionally difficult to detect and prevent.
How the Scam Works
The attack begins with an unsolicited WhatsApp video call. Criminals pose as bank officers, Meta support staff, government agents, or even distressed family members. To appear credible, they often spoof local phone numbers and obscure their video feed to hide their identity.
They then generate panic by claiming:
- Suspicious activity on a bank account
- Unauthorized card charges
- A security alert requiring instant verification
- A problem with WhatsApp that needs immediate fixing
ESET researchers categorize the tactic as a potent form of remote-access fraud that blends:
- Authority – impersonating trusted institutions
- Urgency – fabricating a crisis
- Access – convincing the victim to share their screen
Once the victim complies, the attacker gains full visual access to the contents of the device.
Screen sharing gives criminals real-time visibility into:
- One-time passwords (OTPs)
- Two-factor authentication codes
- Banking app screens
- Email accounts
- Password managers
- Private chats
Some attackers go further by persuading the victim to install remote access tools such as AnyDesk or TeamViewer. In more serious cases, victims unknowingly install malware including keyloggers, enabling long-term monitoring and theft.
How Attackers Take Over WhatsApp Accounts
With access to incoming text messages and verification codes displayed during screen sharing, criminals can immediately take control of a user’s WhatsApp account. Once hijacked, the account becomes a launchpad for additional fraud:
- Accessing sensitive conversations
- Targeting contacts with new scams
- Impersonating the victim to steal money
- Resetting passwords on other linked accounts
- Raiding bank accounts and digital wallets
The cascading nature of these attacks often leads to widespread losses across social circles and family networks.
Prevention Relies on Awareness, Not Technology
Experts emphasize that defending against this scam depends far more on user vigilance than on technical safeguards.
Users should:
- Never share their screen with unexpected or unknown callers.
- Independently verify any urgent claims by contacting their bank or institution directly.
- Enable WhatsApp two-step verification (Settings → Account → Two-step verification) to add an extra layer of protection.
- Avoid installing remote-access apps unless for verified, legitimate support.
Cybersecurity professionals stress that social engineering remains one of the most effective tools in modern cybercrime and that skepticism, patience, and independent verification remain the strongest defenses.
Add a Comment