Police issue warning about fake WhatsApp Web phishing websites

Victims would only find out that their accounts have been compromised when they are notified by their contacts of unusual requests.

A WhatsApp logo on a laptop. (Photo: Reuters/Dado Ruvic)

SINGAPORE: The police issued an advisory on Friday (Oct 27) warning people about a new phishing scam that uses fake WhatsApp Web websites.

These websites trick users into authorising access to their WhatsApp accounts for scammers.

Victims who wish to use their WhatsApp accounts on their desktops search for the official website using online search engines.

"Thereafter victims would click on the first few search results generated by online search engines without verifying the URL addresses due to convenience," said the police.

But these are phishing websites embedded with a genuine QR code taken from the official website, the police added.

A screenshot showing a phishing website impersonating WhatsApp Web's official website. (Image: Singapore Police Force)

When victims scan the QR codes, the websites become unresponsive and they are not taken to the official WhatsApp Web page.

Scammers who had embedded the QR codes in the phishing websites would then be able to gain remote access to the victims' WhatsApp accounts.

They will message victims' contacts asking for their personal details and online banking credentials. In some cases, they ask for money to be transferred to a bank account.

As victims can still access their WhatsApp accounts while scammers are concurrently using them, the victims will only discover their accounts have been compromised when they are notified by their contacts of "unusual requests", said the police.

The police urged members of the public to adopt precautionary measures, such as:

• Ensuring that they are using the official WhatsApp desktop app or visiting the official website
• Never sharing their account verification codes, personal information, banking details and one-time passwords (OTPs) with anyone
• Beware of unusual requests received over WhatsApp, even if they were sent by their contacts
• Enabling two-step verification
• Checking their linked devices regularly
• Setting a device code and being aware of who has physical access to their phone

CNA has contacted Google and WhatsApp's parent company Meta about the measures they are taking to combat the latest scam.

Earlier this month, the police said they have been working with Meta to terminate WhatsApp lines believed to be used in scams, as well as remove suspicious online monikers and advertisements.

This article was originally published on ChannelNewsAsia. Its inclusion on this website is solely for education purposes.