Connect with us


Police warn of rising ‘WhatsApp Web’ phishing scams with now over 237 victims and S$606,000 in losses

Singapore authorities issue a warning on rising WhatsApp Web phishing scams, with at least 237 victims and S$606,000 in losses since November. Scammers use fake pages with authentic QR codes, gaining control when users click on unverified URLs.

Vigilance and official app use are urged, along with caution on social media.



SINGAPORE – The police had previously issued a warning regarding a surge in a new variant of phishing scams that exploit WhatsApp Web users.

They urged users to exercise vigilance and confirm the legitimacy of the web pages they visit while logging into WhatsApp Web.

The seriousness of the caution intensifies as, at present, a documented of at least 237 individuals have already fallen victim to the scam.

According to The Straits Times, since the beginning of November, the cumulative losses from these incidents have reached a total of S$606,000.

Fake “WhatsApp Web” page

In this case, scammers can seize control of compromised WhatsApp accounts when users click on unverified URL links while searching for the official WhatsApp Web page.

This typically occurs when individuals, in their search for the official WhatsApp Web page on online search engines, click on the initial search results without confirming the legitimacy of the URLs.

Moreover, the phishing websites, which pose as legitimate WhatsApp Web pages, contain authentic QR codes extracted from the official WhatsApp website.

When victims scan these QR codes with their mobile phones, the phishing page becomes unresponsive, providing scammers with remote access to their WhatsApp accounts.

Once access is gained, scammers exploit the compromised accounts by messaging the victims’ contacts, soliciting personal information, internet banking credentials, or requesting money transfers to designated bank accounts.

However, despite the QR codes on the fake phishing websites failing to redirect users to WhatsApp Web’s desktop interface, victims often do not immediately realize their accounts have been compromised as they can still access WhatsApp.

“The victims would only discover that their WhatsApp accounts were compromised when they were notified by their contacts of unusual requests such as asking for the transfer of monies or internet banking credentials,” the police said.

Fake “WhatsApp Web” page with odd URLs. (Photo: SINGAPORE POLICE FORCE)


To mitigate the risk of falling victim to such scams, one should ensure to use the official WhatsApp Desktop App on computer, or check the URL address thoroughly when visiting the official WhatsApp Web webpage, making sure that it does not contain a different name from the official website.

Additionally, individuals should refrain from sharing WhatsApp account verification codes, enable two-step verification on WhatsApp, and regularly check linked devices on their WhatsApp accounts.

Police working with Meta to combat scam

Social media platforms, including Facebook and Instagram, are commonly exploited by scammers who use them to promote fraudulent advertisements for products and services.

Law enforcement emphasizes that scammers are becoming more sophisticated, continuously adapting their tactics to exploit the vulnerabilities of their victims.

“They often attempt to lure users with attractive offers and promotions, through eye-catching advertisements on food items, services and sale of travel packages on social media platforms such as Facebook and Instagram,” the police said.

Moreover, messaging platforms such as WhatsApp and Telegram, along with social media, phone calls, online shopping platforms, and SMSes, rank among the top five methods employed by scammers to target victims.

To combat this issue, the police are collaborating with the social media company Meta to shut down WhatsApp lines believed to be associated with scams, as reported by Channel News Asia on 10 October.

They are also actively removing suspicious online aliases and advertisements to curb fraudulent activities on these platforms.

Share this post via:
Continue Reading
1 Comment
Notify of
1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments

The PAP govt can block websites for not obeying POOFMA orders but yet they can’t block these phishing sites? So what if the scammers keep changing their website names, just keep blocking them. Also, make those who enable these scammers to operate ie: the banks, telcos and social media platforms bear the FULL cost of money lost. THEN will we see them combat these scammers more proactively.