A dangerous scam targeting WhatsApp users has emerged as one of the fastest-growing threats across messaging platforms worldwide.
The scheme exploits WhatsApp’s screen-sharing feature, introduced in 2023, to manipulate users into exposing their most sensitive financial and personal information.
Reports from the United Kingdom, India, Hong Kong, and Brazil highlight the scam’s global reach, with one documented case in Hong Kong resulting in a loss of HK$5.5 million, equivalent to US$700,000.
This social engineering attack demonstrates how even trusted communication platforms can become weapons when criminals combine psychological manipulation with technical access to a user’s device.
The scam operates on a foundation of deception rather than sophisticated malware, relying entirely on human psychology to achieve its goals.
Attackers place unsolicited WhatsApp video calls, impersonating bank representatives, Meta support agents, or even family members in distress.
.webp "WhatsApp Screen-Sharing Scam Let Attackers Trick Users into Revealing Sensitive Data 3")
To appear legitimate, they spoof local phone numbers and deliberately disable or blur their video feed to conceal their identity.
The attacker then creates a false sense of urgency by claiming unauthorized charges on credit cards, suspicious account activity, or pending verification issues that require immediate action.
ESET security researchers have identified this scam as a particularly effective variant of remote access fraud that exploits three critical elements: trust established through an impersonated authority figure, urgency created through fabricated threats, and control granted by the screen-sharing feature or remote access applications.
The combination of these factors provides criminals with near-complete visibility into a user’s smartphone.
Once the victim agrees to share their screen, the attacker’s access becomes comprehensive. Criminals can observe passwords, two-factor authentication codes, one-time passwords, and banking applications in real time.
They can capture screenshots, request the user to open financial apps, and manipulate them into authorizing unauthorized bank transfers under the pretense of resolving technical issues.
More alarmingly, attackers often trick users into installing remote access tools like AnyDesk or TeamViewer, which grant them full control of the device.
Some victims have unknowingly installed malware such as keyloggers that silently record sensitive information for later exploitation.
Technical Mechanism
The Technical Mechanism Behind Account Takeover demonstrates why this attack remains so dangerous. When an attacker gains access to incoming text messages and WhatsApp verification codes through screen sharing, they can immediately hijack the victim’s WhatsApp account.
With control of the account, criminals access stored conversations, financial data, and personal contacts.
They proceed to drain banking accounts, hijack social media profiles, and impersonate victims to target their relatives and friends with the same scam, creating cascading waves of fraud.
Defense against this threat depends primarily on awareness and discipline rather than technical solutions.
Users should never share their screen with unknown callers and must independently verify any alarming information through official channels before taking action.
Enabling two-step verification in WhatsApp by navigating to Settings → Account → Two-step verification provides crucial protection by requiring a second authentication factor even if credentials are compromised.
Organizations and individuals must recognize that social engineering remains the most powerful weapon in a cybercriminal’s arsenal, making skepticism and careful judgment the strongest defenses against such attacks.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
