Recently, OneCard issued an advisory to its customers warning them about a potentially dangerous scam known as WhatsApp Screen Mirroring Fraud. While it is relatively easy to avoid this scam, the main issue is that not many people are aware of it, resulting in reports of individuals falling victim to it. If you become a target of this scam, you could lose access to your bank account, face identity theft, or suffer financial losses.

What is WhatsApp Screen Mirroring Fraud?

OneCard's advisory states: "In this type of scam, fraudsters trick a person into enabling screen-sharing via WhatsApp. This way, the fraudsters gain access to the person's sensitive information such as OTPs, bank details, passwords, personal messages, etc. As a result, the person can fall prey to financial losses, account takeovers, and even identity theft.

How Does WhatsApp Screen Mirroring Fraud Work?

According to the advisory, here’s how this fraud unfolds:

1. Trust
   
   The fraudster poses as an employee of a trusted organization, such as a bank or financial company. They falsely claim that there is an issue with your account and convince you to share your screen with them, marking the start of the fraud.
2. The Initiation
   
   The fraudster guides you through a tutorial on enabling screen-sharing on your device and then claims they can't see your screen properly, insisting that you start a WhatsApp video call with them.
3. The Theft
   
   While you are using the screen-sharing app, the fraudster can see your screen live. As you complete any banking transactions, claiming these are for verification, they are made aware of your OTP, PIN, or password the moment you enter it.
4. Alternative Way: Keyboard Logger
   
   Another method is through the installation of a keylogger or keyboard logger on your mobile device. Keyloggers monitor what you type on your virtual keyboard. This is why many
   banking websites provide an on-screen keyboard, as keyloggers cannot capture what you enter using this method. Once installed, the fraudster can steal your banking passwords, social media credentials, and more.
5. Using the Stolen Information
   
   The fraudster can use the information collected from your mobile device to make unauthorized transactions, manipulate your banking accounts, and even commit identity fraud.

Insights from Experts

Sheetal R Bhardwaj, an executive member of the Association of Certified Financial Crime Specialists (ACFCS), elaborates:
“A new wave of digital fraud is sweeping across India, targeting unsuspecting users through a sophisticated scam known as WhatsApp Screen Mirroring Fraud. This alarming trend exploits trust, technology, and urgency—leaving victims vulnerable to financial and identity theft.”

Fraudsters typically impersonate representatives from trusted institutions. Under the guise of offering assistance, they convince victims to install remote access or screen mirroring apps. Once these apps are active, scammers can view everything on the victim's screen in real-time, including:

1. One-Time Passwords (OTPs)
2. Banking app activity
3. UPI PINs
4. Personal messages
5. Identity documents

“With this access, scammers can instantly steal funds, hijack accounts, and impersonate victims often before the individual realizes what's happening,” Bhardwaj warns.

Banking Security Measures

Most banking apps in India have adequate protection against these types of fraud. Tarun Wig, Co-Founder and CEO of Innefu Labs, explains the current state of security:
“Most of the top banking apps in India do have security features like secure screen overlays, screen capture lockdown, and session timeout capabilities. However, the efficacy of these protection measures can differ considerably between platforms.”

Although certain apps prevent screen sharing or recording directly, others may lack strong controls, especially on rooted or compromised devices. If customers inadvertently provide screen-sharing permissions, some third-party applications can bypass these security measures. Ongoing innovation and stronger app-level controls are necessary to stay ahead of evolving fraud schemes.

How to Protect Yourself from WhatsApp Screen Sharing Fraud

According to the advisory, here are some dos and don'ts that, if followed, can help you avoid becoming a victim of WhatsApp screen sharing fraud:

Dos

• Verify the authenticity of callers claiming to be from banks or finance companies.
• Enable screen sharing only when absolutely necessary and only with trusted contacts.
• For Android users, disable the ‘App installations from unknown sources’ setting.
• Block suspicious numbers immediately and report them to cybercrime.gov.in or call 1930.

Don'ts

• Avoid answering calls from unknown or suspicious numbers.
• Never use financial apps (e.g., mobile banking, UPI apps, e-wallets) during screen sharing.

Additionally, follow these recommendations to ensure safety:

• Verify the caller's identity through official channels before engaging.
• Avoid screen-sharing unless absolutely necessary and only with trusted contacts.
• Enable two-factor authentication on all financial and messaging apps.
• Keep your phone's operating system and apps updated to close security gaps.
• Educate family members, especially elders, who may be vulnerable to such scams.
• Notify your bank to freeze or secure your accounts.
• Never respond to calls from unknown numbers that pressure you to act quickly.

By staying informed and cautious, you can protect yourself from falling victim to WhatsApp Screen Mirroring Fraud.