A dangerous scam targeting WhatsApp users has emerged as one of the fastest-growing threats across messaging platforms worldwide. This attack exploits WhatsApp’s screen-sharing feature, introduced in 2023, to trick users into exposing sensitive financial and personal information.
Global Impact
Reports from the UK, India, Hong Kong, and Brazil highlight the scam’s global reach. In one case, a victim in Hong Kong lost HK$5.5 million (US$700,000). This demonstrates how trusted platforms can become weapons when criminals combine psychological manipulation with technical access.
How the WhatsApp Screen Sharing Scam Works
Unlike traditional malware attacks, this scam relies entirely on social engineering. Here’s the typical process:
- Unsolicited Video Call
  Attackers initiate WhatsApp video calls, impersonating:
  - Bank representatives
  - Meta support agents
  - Family members in distress
- Spoofed Identity
  They spoof local phone numbers and blur their video feed to appear legitimate.
- Create Urgency
  Scammers claim:
  - Unauthorized credit card charges
  - Suspicious account activity
  - Pending verification issues
- Request Screen Sharing
  Victims are asked to share their screen to “resolve” the issue. Once granted, attackers gain full visibility into:
  - Passwords
  - Two-factor authentication codes
  - Banking apps and OTPs
Why This Scam Is So Dangerous
ESET researchers classify this as a remote access fraud variant exploiting:
- Trust (impersonated authority)
- Urgency (fabricated threats)
- Control (screen sharing or remote access tools)
Attackers often trick victims into installing apps like AnyDesk or TeamViewer, granting full device control. Some victims unknowingly install keyloggers that silently capture sensitive data.
Technical Mechanism Behind Account Takeover
Once attackers access incoming messages and WhatsApp verification codes via screen sharing, they can:
- Hijack the victim’s WhatsApp account
- Access stored conversations and financial data
- Impersonate victims to scam friends and family
This creates cascading waves of fraud, draining bank accounts and compromising social media profiles.
How to Protect Yourself
Defense against this scam depends on awareness and discipline, not just technology.
Essential Tips
- Never share your screen with unknown callers.
- Verify alarming claims through official channels.
- Enable two-step verification in WhatsApp:
  - Go to Settings → Account → Two-step verification.
- Avoid installing remote access tools unless absolutely necessary.
Key Takeaways
Social engineering remains the most powerful weapon in a cybercriminal’s arsenal. The best defense is skepticism and careful judgment. Stay alert, and never let urgency override security.