The Singapore Police Force issued a warning this week about a new phishing scam targeting WhatsApp users. The scam involves fake “WhatsApp Web” websites that trick victims into giving scammers access to their WhatsApp accounts.
According to the police advisory, the scam starts when victims search for the WhatsApp Web page and click on phony search results instead of the official site. The fake sites contain the actual WhatsApp QR code, so victims’ accounts become compromised when they scan the code to link their WhatsApp to a desktop.
Once scammers gain access, they can message the victim’s contacts pretending to be the victim and ask for personal details, bank account information, or request money transfers. Victims usually don’t realize their accounts are hacked until notified by contacts about suspicious messages.
Police recommendations to stay safe
- Only use the official WhatsApp site and app for WhatsApp Web
- Never share verification codes or personal information over WhatsApp
- Be wary of unusual WhatsApp requests, even from known contacts
- Enable WhatsApp’s two-step verification security feature
- Regularly review linked devices in WhatsApp settings
- Set a device unlock code and limit physical access to your phone
The police statement comes as WhatsApp scams have been on the rise in Singapore and globally. Authorities advise all users to be vigilant about protecting their accounts from unauthorized access. Enabling available security features and scrutinizing messages and account activity can help users avoid compromise.
Phishing scams also frequently target the cryptocurrency space. On Friday, the official X account of crypto oracle Tellor was reportedly hacked and used to post phishing links for a fake token airdrop, according to blockchain security firm PeckShield. Even 13 hours later, Tellor had not regained control of the account. Crypto users must be wary of phishing risks across platforms.