OneCard warned customers of 'WhatsApp Screen Mirroring Fraud', where one can lose access to one's bank account, face identity theft or suffer financial losses.
OneCard's Advisory
OneCard, in its advisory, said: “In this type of scam, fraudsters trick a person into enabling screen-sharing via WhatsApp. This way, the fraudsters gain access to the person’s sensitive information, such as OTPs, bank details, passwords, personal messages, etc. As a result, the person can fall prey to financial losses, account takeovers and even identity theft.”
How Does The Fraud Take Place?
According to the advisory, here’s how this fraud works:
The scammer poses as an employee of a trusted organisation, like a bank or financial company. They convince the victim to share the screen after claiming that the account is facing issues. This is how the fraud is initiated.
WhatsApp Video Call
The fraudster walks you through a tutorial on enabling screen-sharing on your device and then cleverly claims they can’t see the victim's screen properly and now need the victim to start a WhatsApp video call with them.
The Theft
The fraudsters can see the screen live while the victim uses a screen-sharing app. They start any banking transaction by claiming it’s for verification. The moment one receives the OTP or enters their PIN/Password to approve the transaction, the fraudster is aware of it.
Fraudsters Install Keyboard Logger
The fraudster could use this alternative method of installing a keylogger or keyboard logger into your mobile device. A keyboard logger is a type of software that monitors what you type on the virtual keyboard. This is also the reason why many banking websites provide an on-screen keyboard for you, since the keylogger can’t capture what one enters using that on-screen keyboard.
After the fraudster installs the malicious app or keyboard logger on your mobile device, they can steal one's banking passwords, social media passwords, and more.
Using The Stolen Information
The fraudster can use the information collected from your mobile device to make unauthorised transactions, mess with your banking accounts and even commit identity fraud.
Scammers can view everything on the victim’s screen in real time, including:
One-Time Passwords (OTPs)
Banking app activity
UPI PINs
Personal messages
Identity documents
With this access, scammers can instantly steal funds, hijack accounts, and impersonate victims—often before the individual realises what is happening.
Don’ts:
Avoid answering calls from unknown or suspicious numbers.
Never use financial apps (e.g. mobile banking, UPI apps, e-wallets) during screen-sharing.
You can also call the cybercrime helpline at 1930 or go to https://cybercrime.gov.in/
Bhardwaj explains what you can do to stay safe:
Verify the caller’s identity through official channels before engaging.
Avoid screen-sharing unless necessary and only with trusted contacts.
Enable two-factor authentication on all financial and messaging apps.
Keep your phone’s operating system and apps updated to close security gaps.
Educate family members, especially elders, who are often targeted by such scams.
Notify your bank to freeze or secure your accounts.
