WhatsApp Screen-Sharing Scam: How It Traps Victims

Scammers are exploiting WhatsApp’s screen-sharing feature (introduced in 2023) to hijack accounts, steal data, and drain bank funds—a modern twist on remote access fraud. Reports span the UK, India, and Hong Kong, where one victim lost HK$5.5 million (about US$700,000).

How the scam plays out

• The call: You get a WhatsApp video call from an unknown number. The fraudster poses as bank or service support, a Meta/WhatsApp rep, or a distressed friend. They may spoof a local number and keep their video dark or blurry to hide their identity.
• The problem: They create urgency—claiming an unauthorized charge, a suspicious login, a pending prize, or an impending account suspension—to pressure you into acting fast.
• Screen sharing: They ask you to share your screen so they can ‘help’. Sometimes they push legitimate remote-access apps like AnyDesk or TeamViewer. Once you share, incoming messages and WhatsApp verification codes are visible, allowing instant account takeover.
• Access to personal data: With real-time visibility, they harvest passwords, OTPs, and 2FA codes, capture screenshots, push you to open banking apps and authorize transfers, or trick you into installing malware (e.g., keyloggers).
• Theft and impersonation: After grabbing codes and financial details, they drain accounts and seize your social media, then impersonate you to target friends and family.

Why this scam works
It blends three powerful levers: trust (a ‘support’ video call), urgency (a fabricated crisis), and control (screen sharing or remote-access tools). Together, these give criminals near-total visibility into your phone.

How to protect yourself

• Never share your screen with anyone you don’t personally know—especially during unsolicited calls. Hang up and contact the company through verified channels.
• Don’t reveal passwords, PINs, card details, verification codes, or OTPs. Legitimate institutions won’t ask for these over unsolicited calls or messages.
• Avoid installing remote-access apps at someone else’s request. Tools like AnyDesk or TeamViewer can hand over full control of your device.
• Verify alarming claims independently. Pause, breathe, and confirm through official websites or known numbers.
• If told your bank account is at risk—or a relative needs urgent help—reach out to them directly via another channel before doing anything.
• Enable WhatsApp two-step verification (2FA): Settings → Account → Two-step verification → Turn on/Set up PIN. This adds a crucial extra barrier even if attackers get your codes.

Bottom line
Social engineering remains one of cybercriminals’ most effective weapons. A moment’s panic can cost a fortune—skepticism and calm verification are your strongest defenses.

Source: WeLiveSecurity