WhatsApp Screen Mirroring fraud: What it is, how to prevent
What's the story
A new wave of digital fraud is sweeping across India, targeting WhatsApp users through a sophisticated scam known as Screen Mirroring Fraud. The scam exploits trust, technology, and a sense of urgency, leaving victims vulnerable to financial and identity theft. Scammers typically impersonate representatives from trusted institutions such as banks or financial service providers. Under the pretense of offering assistance, they trick victims into installing remote access or screen mirroring apps.
Information theft
Once installed, these apps give fraudsters access to everything
Once installed, these remote access apps give fraudsters a real-time view of everything on the victim's screen. This includes one-time passwords (OTPs), banking app activity, UPI PINs, personal messages, and identity documents. With this access, scammers can instantly steal funds from accounts or hijack them altogether.They can even impersonate victims before they realize what's happening.
App protection
Effectiveness of security features varies greatly between platforms
Most leading banking apps in India come with security features such as secure screen overlays, screen capture lockdown, and session timeout capabilities. However, the effectiveness of these protective measures can vary greatly between platforms. Some apps directly prevent screen sharing or recording, while others may not have strong controls on rooted or compromised devices. Third-party applications can also bypass these security measures if users unknowingly grant permissions for screen-sharing.
Prevention tips
Verify the authenticity of callers claiming to be from banks
To avoid falling victim to the WhatsApp screen sharing fraud, verify the authenticity of callers claiming to be from banks or finance companies. Enable screen-sharing only when absolutely necessary and do it only with trusted contacts. If you use an Android phone, disable 'App installations from unknown sources.' Block suspicious numbers immediately and report them to cybercrime.gov.in or call 1930.