A fast-spreading screen-sharing scam on WhatsApp exploited the platform’s screen-sharing feature (introduced in 2023) to deceive users into granting scammers remote access to their devices. The attackers posed as trusted entities (e.g., bank employees or Meta support agents), using psychological manipulation trust, urgency, and panic to trick victims into sharing screens or installing remote-access tools like AnyDesk or TeamViewer. Once access was granted, scammers stole banking credentials, passwords, and one-time passwords (OTPs), leading to massive financial losses globally. A notable case in Hong Kong resulted in a victim losing ~$700,000 USD.Meta responded by deploying AI-powered real-time warnings for unsaved contacts during screen-sharing attempts and dismantling 8 million scam-linked accounts and 21,000 fake customer service pages across high-risk regions (Myanmar, Cambodia, UAE, etc.). Despite mitigation efforts, the scam’s widespread financial fraud targeting individuals via phishing and social engineering highlighted vulnerabilities in user trust and platform security. The attack primarily compromised personal financial data, with no evidence of systemic infrastructure breaches or ransomware involvement.
Source: https://hackread.com/whatsapp-screen-sharing-scammers-steal-otps-funds/
Meta cybersecurity rating report: https://www.rankiteo.com/company/meta
"id": "MET5292052111325",
"linkid": "meta",
"type": "Cyber Attack",
"date": "6/2023",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'millions (global WhatsApp '
'users)',
'industry': 'social media/messaging',
'location': 'global',
'name': 'Meta (WhatsApp)',
'size': 'large-scale',
'type': 'technology company'},
{'customers_affected': '1 (lost $700,000)',
'location': 'Hong Kong',
'type': 'individual'}],
'attack_vector': ['phone call (WhatsApp video call)',
'psychological manipulation',
'screen-sharing abuse',
'remote-access tools (AnyDesk, TeamViewer)'],
'customer_advisories': ['Avoid screen-sharing with unknown contacts.',
'Use Two-Step Verification.',
'Report suspicious WhatsApp accounts via the app.'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['credentials',
'financial data',
'PII (via OTPs)']},
'date_publicly_disclosed': '2025-11-05',
'description': 'A fast-spreading screen-sharing scam on WhatsApp exploits the '
"platform's screen-sharing feature (introduced in 2023) to "
'steal money and personal data. Scammers impersonate trusted '
'figures (e.g., bank employees or Meta support agents), create '
'urgency, and trick victims into sharing their screens or '
'installing remote-access tools (e.g., AnyDesk, TeamViewer). '
'Once access is granted, scammers steal passwords, banking '
'details, and one-time passwords (OTPs). The scam relies on '
'psychological manipulation (trust, urgency, control) rather '
'than technical exploits. Meta has responded with AI-powered '
'real-time warnings for unsaved contacts and has taken down 8M '
'scam-linked accounts and 21K fake pages impersonating '
'customer service. A notable case in Hong Kong resulted in a '
'$700,000 loss.',
'impact': {'brand_reputation_impact': ['moderate (Meta proactively addressing '
'issue)'],
'customer_complaints': ['widespread (evidenced by Reddit '
'discussions)'],
'data_compromised': ['passwords',
'banking details',
'one-time passwords (OTPs)',
'personal data'],
'financial_loss': ['$700,000 (Hong Kong case)',
'massive global losses (unspecified total)'],
'identity_theft_risk': ['high (OTPs and banking details exposed)'],
'payment_information_risk': ['high (direct access to banking '
'apps)'],
'systems_affected': ['WhatsApp accounts',
'user devices (via remote-access tools)',
'banking apps/websites']},
'initial_access_broker': {'backdoors_established': ['remote-access tools '
'(AnyDesk, TeamViewer)'],
'entry_point': 'WhatsApp video call from unsaved '
'number',
'high_value_targets': ['banking credentials',
'OTPs',
'personal data']},
'investigation_status': 'ongoing (Meta and ESET actively monitoring)',
'lessons_learned': ['Psychological manipulation (trust/urgency) is as '
'critical as technical vulnerabilities in scam success.',
'Default trust in platform features (e.g., '
'screen-sharing) can be weaponized.',
'Proactive AI warnings can mitigate human-error risks but '
'require user compliance.'],
'motivation': ['financial gain', 'identity theft', 'account takeover'],
'post_incident_analysis': {'corrective_actions': ['Meta’s AI warnings for '
'unsaved-contact '
'screen-sharing.',
'Mass takedown of scam '
'infrastructure '
'(accounts/pages).',
'Public awareness campaigns '
'on psychological scam '
'tactics.'],
'root_causes': ['Over-reliance on user vigilance '
'for feature misuse '
'(screen-sharing).',
'Lack of default restrictions on '
'screen-sharing with unsaved '
'contacts.',
'Exploitation of human psychology '
'(trust in authority figures, fear '
'of loss).']},
'recommendations': ['Never share screens, passwords, or OTPs with unsolicited '
'callers, even if they impersonate trusted entities.',
'Enable Two-Step Verification on WhatsApp and other '
'critical accounts.',
'Verify suspicious claims via independent, trusted '
'channels (e.g., official bank contacts).',
'Educate vulnerable populations (e.g., elderly) on '
'recognizing urgency-based scams.',
'Platforms should expand AI warnings to include '
'behavioral analysis (e.g., rapid screen-sharing '
'requests).'],
'references': [{'date_accessed': '2025-11-05',
'source': 'ESET Research Report'},
{'source': 'Meta Official Blog (AI Safety Tools Announcement)'},
{'source': 'Reddit User Discussions'}],
'response': {'communication_strategy': ['public advisories (Meta blog, ESET '
'report)',
'Reddit community warnings'],
'containment_measures': ['AI-powered real-time screen-sharing '
'warnings for unsaved contacts',
'removal of 8M scam-linked accounts',
'takedown of 21K fake customer service '
'pages'],
'enhanced_monitoring': ['AI-driven scam detection'],
'incident_response_plan_activated': True,
'remediation_measures': ['user education campaigns',
'enhanced account security prompts '
'(e.g., Two-Step Verification)'],
'third_party_assistance': ['ESET (research analysis)']},
'stakeholder_advisories': ['Meta’s public safety updates',
'ESET’s threat analysis'],
'threat_actor': ['organized scam rings',
'financially motivated cybercriminals'],
'title': 'WhatsApp Screen-Sharing Scam Exploiting Psychological Manipulation '
'for Financial Theft and Data Breaches',
'type': ['social engineering', 'phishing', 'fraud', 'data breach'],
'vulnerability_exploited': ['human trust/urgency bias',
'WhatsApp screen-sharing feature (misuse)',
'lack of user awareness']}