A fresh warning has been issued to millions of WhatsApp users after the discovery of a new scam that’s targeting accounts. It appears that fans of the chat app are being duped when trying to access their conversations via the popular WhatsApp Web feature. This useful function displays chats via a standard webpage on a PC with those wanting to take advantage simply scanning a QR code using their phone.
It's a handy way of chatting with a laptop but it does come with a worrying alert.
Scammers are now taking advantage of this QR technology to gain total access to WhatsApp accounts via fake websites.
These webpages appear to look just like WhatsApp's official service but, once the forged QR code is scanned, the worrying hoax instantly allows crooks to send messages from the victim's account to their full contacts list.
These notes often use the tactic of asking for help borrowing money which is how the criminals hope to cash in.
This warning has been issued by Police in Singapore but anyone could become a victim of this threat. It's now vital that all WhatsApp users check before scanning any QR codes or trying to access their accounts via the web. If you think you have used a fake WhatsApp Web service, the Police are also urging you to check all your linked devices as this could show if your account has been compromised.
To check your linked devices regularly simply go to WhatsApp Settings > Linked Devices to review all devices linked to your account. To remove a linked device, tap the device > Log Out.
"The Police would like to alert members of the public to a new variant of phishing scams which compromises WhatsApp accounts through the use of fake “WhatsApp Web” phishing websites. These websites trick users into authorising access to their WhatsApp accounts for the scammers," explained the authorities in Singapore.
"When the victims use the QR code scanning function in WhatsApp on their mobile devices they would notice that the websites would be unresponsive as they would not bring them to WhatsApp Web’s interface on their desktops.
"However, scammers who had embedded the QR codes in the phishing websites would then be able to gain remote access to the victims’ WhatsApp accounts, performing unauthorised actions such as messaging the victims’ contacts asking for their personal details and i-banking credentials, or requesting for monies to be transferred to a designated bank account."
This latest alert comes as security experts have recently revealed new advice about the dangers of QR codes.
The practice, known as 'QRishing', involves the substitution of real QR codes with fake ones which can redirect victims to dodgy website links and even payment pages.
Tech CEO Peter King of AI Product Reviews said: "Creating a counterfeit QR code is alarmingly easy. Criminals unscrupulously place these in public places, from transit stops to restaurant menus, preying on the unsuspecting public."