This scam is a fast-growing form of remote access fraud that manipulates WhatsApp users into revealing sensitive data by tricking them into sharing their phone screens during a video call. Cases have been reported globally, including in the United Kingdom, India, and Hong Kong, where one victim lost US$700,000 (HK$5.5 million). The scam relies on psychological manipulation rather than technical wizardry.
Severity: Moderate
How The Scam Unfolds
| Step | Action by Scammer | Goal/Deception |
| --- | --- | --- |
| 1. The Call | Initiates a WhatsApp video call from an unfamiliar number | Masquerades as a bank/service representative, WhatsApp/Meta support agent, or friend/relative in distress. The video feed is often disabled, dark, or blurry to hide their identity. |
| 2. The Problem | Creates a sense of urgency by claiming there is an issue | Fabrication of problems like an unauthorized credit card charge, an open session needing closure, a pending prize, or an account suspension risk. |
| 3. Screen Sharing | Asks the victim to share their screen | Ostensibly to “assist remotely” and resolve the alleged issue. Victims may also be asked to install remote access apps like AnyDesk or TeamViewer. |
| 4. Theft of Data & Money | Views the victim’s screen in real time | Steals incoming WhatsApp verification codes (allowing account takeover), passwords, 2FA codes, and OTPs. They may also capture screenshots, trick the victim into making bank transfers, or dupe them into installing malware (like keyloggers). The ultimate goal is to drain accounts and hijack social media to continue the scam, often targeting the victim’s relatives and friends. |
The combination of trust (a video call from a trusted-sounding entity), urgency (a fabricated problem), and control (granted via screen sharing) gives criminals near-total visibility into the victim’s phone.
Recommendations
- Never share your screen with someone you do not personally know, especially during an unsolicited call.
- Hang up if an unknown caller claims to represent a bank or trusted entity, and contact the institution directly through a verified channel.
- Never share passwords, verification codes, or financial data over the phone. Legitimate companies will not ask for this via unsolicited calls.
- Avoid installing remote-access apps like AnyDesk or TeamViewer at the request of strangers, as these grant full control over your device.
- Verify alarming information independently. Do not act impulsively; instead, contact your bank or relative directly through another channel.
- Enable Two-Factor Authentication (2FA) in WhatsApp. This provides a second factor needed to access your account, even if cybercriminals get your login credentials.
- Ensure mobile operating systems and security software are up to date.
- Educate employees and users on identifying and reporting social engineering scams.
- Run simulated phishing/social engineering campaigns including impersonation via video calls.