A new type of digital fraud uses a native WhatsApp feature to carry out financial scams quickly and with devastating effect. Cybercriminals trick victims into enabling screen sharing during video calls, gaining full visual access to sensitive information such as banking app passwords and verification codes received via SMS.
The tactic is based on precise social engineering, in which scammers pose as employees of financial institutions, technology companies or government agencies. They create a false sense of urgency, claiming serious problems such as suspicious transactions or the risk of account blocking, to pressure the victim into following their instructions without question.
Reports of significant losses have already been recorded in various parts of the world, with isolated cases exceeding the $700,000 mark. The effectiveness of the scam lies in the fact that access is voluntarily granted by the victims themselves, which makes detection difficult for traditional security systems that look for malicious software.

How the Screen Sharing Scam Works
The first contact usually occurs through a video call from an unknown number, in which the criminal keeps his camera turned off or the image distorted. Posing as a supposed technical support specialist or bank manager, he describes a fictitious problem that requires immediate action to resolve.
With the victim under pressure, the fraudster instructs them to activate the screen sharing function, available in WhatsApp itself. He justifies the need for the feature to “follow the procedure” or “identify the error” on the device, assuring the victim that everything is being done in a safe and official way.
Once the screen is being shared, the scammer asks the victim to open their banking app to check the alleged irregularities. At that moment, he can see the user entering the password, CPF and other access data in real time. The criminal can also see authentication codes that arrive via notification or SMS.
With the credentials in hand, the scammer makes transfers, pays bills and takes out loans in a matter of minutes. In many scenarios, he instructs the victim to install remote access applications, such as AnyDesk or TeamViewer, to gain full control of the device and perpetuate the scam against contacts in the address book.
Remote access tools become digital weapons
Applications such as AnyDesk and TeamViewer are legitimate tools widely used by IT professionals to provide technical support remotely. Their main function is to allow a user to remotely control another device, facilitating software troubleshooting and configuration without the need for physical presence.
However, in the hands of criminals, this functionality turns into a powerful weapon. By convincing the victim to install and authorize access, fraudsters gain the ability to freely browse the cell phone, open applications, copy files and change security settings, all invisibly to the device owner.
The global dimension of the financial loss
The threat transcends borders, with authorities in multiple countries issuing warnings about the growing incidence of this type of fraud. Specialists at the digital security company ESET documented the tactic, with records of successful attacks in the United Kingdom, India and Hong Kong. In one of the most serious cases, a victim in Hong Kong suffered a loss of 5.5 million Hong Kong dollars, equivalent to approximately 705 thousand US dollars. In Brazil, although the amounts are generally lower, reports in online communities indicate losses ranging from hundreds to thousands of reais, occurring every few minutes. Cooperation between cyber police from different nations has already resulted in the identification of criminal cells, but the decentralized and anonymous nature of the internet represents a constant challenge for law enforcement. The agility of criminals and the difficulty in tracking the transferred funds complicate the recovery of the stolen amounts.
Warning signs that indicate a scam attempt
The main warning sign is any unsolicited contact, whether by call, message or video call, that asks you to perform actions on your cell phone. Financial institutions and reputable companies do not initiate contact in this way to resolve security issues, much less ask you to install applications or share your screen.
Creating a scenario of urgency and panic is a classic social engineering tactic. Phrases such as “your account will be blocked in minutes” or “a suspicious high-value purchase has been approved” are used to cloud the victim’s judgment and prevent them from thinking rationally.
Be wary of any interlocutor who insists that the conversation continue exclusively via WhatsApp or another messaging app. Official customer service channels, whose numbers are available on company websites and cards, are always the safest way to confirm any information.
Preventive measures recommended by experts
The golden rule is to never share your cell phone screen with strangers, regardless of the justification given. No legitimate financial institution or support company will request this type of access via an unscheduled video call. When receiving a suspicious contact, the recommendation is to hang up immediately and, if the concern persists, contact the company through its official channels to verify the information. Calm is a fundamental ally; interrupting the call breaks the cycle of pressure imposed by the criminal.
Additionally, it is crucial to keep operating systems and applications up to date, as new versions often include security fixes that can mitigate vulnerabilities. Adopting strong, unique passwords for each service, especially for banking apps and email, creates an extra layer of difficulty for fraudsters. Avoiding public Wi-Fi networks when accessing sensitive information is also a best practice, as these networks can be easily monitored by malicious actors.
The role of two-step verification
Enabling two-step verification (2FA) on both WhatsApp and banking apps is one of the most effective protection measures. In the case of WhatsApp, this function requires a six-digit PIN created by the user whenever the phone number is registered on a new device. This prevents the criminal from hijacking the account even if they have access to the verification code sent via SMS.
Immediate actions for fraud victims
If a person realizes they have fallen for the scam, agility is crucial to minimize damage. The first step is to immediately contact all banks where they hold an account to block transactions, cards and access to the application. It is essential to report what happened in detail and request the activation of the Mecanismo Especial de Devolução (MED) of Pix, if applicable.
Next, it is essential to register a Boletim de Ocorrência (BO) at the police station, either in person or online. The document makes the crime official and is essential for challenging transactions with financial institutions and for advancing investigations. It is also important to change all application and email passwords to prevent new unauthorized access.