In early August, the creators of WhatsApp released a feature that allows you to remotely sharing the screen of our smartphone with others. This tool can be useful, for example, when we are presenting in front of a group of people and we want to show them the content of the slides we have prepared in a quick and easy way. A similar solution has already appeared in applications for remote teamwork – such as Microsoft Teams, Zoom, Skype or Webex Meetings.
Unfortunately, it turns out that a seemingly innocent function can carry a great threat. This fact was pointed out by experts from the KNF CSIRT (Computer Security Incident Response Team of the Polish financial sector).
Cybercriminals are taking advantage of WhatsApp’s new feature to remotely view your screen. This allows them to see exactly what we do on our phone during the scam
– warns CSIRT KNF.
Bank employee scams are back. Criminals have a new tool
Experts point out that the new WhatsApp function can be used by criminals, e.g. in the case of a “bank employee” scam, i.e. the so-called spoofing. It’s about a situation where a fraudster calls a potential victim and pretends to be an employee of the security department of a given financial institution – in order to extort money from our bank account.
So far, one of the most difficult – from the point of view of criminals – stages of this scam was to get the victim to install the application on their smartphone on their own, which allows remote screen sharing. Without this step, it was impossible to access the victim’s login details.
Read also:
“Previously, they used dedicated remote assistance applications for this purpose, which required separate installation” – experts from the KNF explain. It’s about applications like TeamViewer Quick support and Anydesk.
The new WhatsApp function – contrary to the intentions of the application developers – is therefore a kind of gift for scammers. They can use a tool that many people already have on their smartphone. According to data from the Statista website, More than 2.7 billion people around the world use WhatsApp every month.
Thanks to this, they do not have to persuade or explain to the victim how to install an additional tool. However, as before, after gaining a peek, they amplify social engineering and control every action of the victim.
– explain KNF experts. Therefore, it is worth being especially careful when using the screen sharing function – in particular when talking to a person/people you do not know.
How not to be deceived?
First, calls from the bank hotline always treat with a hint of suspicion. The fact that a bank number is displayed on our phone does not mean that the caller is who he claims to be. If we have any doubts, let’s hang up at the very beginning and then make a call to the bank to find out if there really was a problem on our account.
Secondly, remember that an employee of the bank’s hotline has no right to ask us for our password or other login details for electronic banking. It also cannot persuade us to install any application, including the official application of the bank.
Finally, thirdly, let’s take care of our online identity, and above all, the security of our passwords. Unfortunately, not everything depends on us here. We can even use complex passwords, but if the store whose services we use falls victim to a leak, it will be of little use.
Therefore, it is worth changing passwords regularly – even every 2-3 months. It is also worth remembering the principle of one account = one password. Using the same password for all services is a gift for criminals. It’s as if we handed them the master key to our online identity.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
