Police urge Singaporeans to avoid using WhatsApp Web amid rising scams

SINGAPORE: The Singapore Police Force (SPF) has once again reminded the public to be vigilant against fraud cases involving WhatsApp’s web version and has gone one step further by advising the public to avoid using WhatsApp Web amid rising scams.

In its latest statement, SPF stressed the importance of accessing WhatsApp’s web version only through the official channels, specifically the official website (https://web.whatsapp.com) or the official desktop application.

In addition to advising against the use of the web version, the police have provided a set of proactive steps to enhance security for personal WhatsApp accounts. Users are strongly encouraged to enable the “two-factor verification” function, a feature designed to add an extra layer of protection to their accounts.

The police also recommend regular checks on devices linked to WhatsApp and prompt deletion of bound devices that are no longer in use. This proactive approach is intended to prevent unauthorized access and mitigate the risk of criminals exploiting dormant connections to carry out scams.

This marks the second time law enforcement has issued a public reminder about the risks associated with WhatsApp’s web version in the past two months. Recent cases have revealed that victims inadvertently fell prey to fake login pages, allowing scammers to gain remote access and exploit the victims’ WhatsApp accounts for fraudulent activities targeting their family or friends.

In recent cases, victims would search the official “WhatsApp Web” website through Internet search engines. When the search results appear, victims often click directly on the first few search results without verifying the URL.

The police said that in some cases, the URL the victim clicked was not the official website of WhatsApp but a phishing website designed by scammers.

Although the website displays the WhatsApp QR code, when the victim scans the code with their mobile phone to log in to the WhatsApp web version, they cannot log in smoothly.

Instead, the scammer will invade their WhatsApp account and conduct unauthorized activities, such as posing as a victim. The scammers send messages to the victim’s contacts asking for personal and electronic banking information or requesting money to be transferred to a designated bank account.

The person whose identity has been stolen remains unaware that they are being impersonated as they are unable to view any messages that are sent remotely from their accounts. They often only become aware that their WhatsApp accounts have been compromised when their contacts notify them that they are being asked to transfer money or request electronic banking information.

One victim of this scam, Mary, told The Independent Singapore that a message stating, “Can you transfer 5K for me? My account limit has been reached. I will return it to you tomorrow” was sent from her WhatsApp to her daughter and her employer.

Mary said she was shocked when her boss called her into her office and asked about the request. When she looked at her phone, she could not see any message that had been sent.

She said, “I’m glad my daughter and my employer contacted me before giving any information to the scammers. I immediately logged my WhatsApp out of all my linked devices and have not seen any suspicious activities since.”

The police’s repeated warnings underscore the severity of the threat and the need for heightened vigilance among the public. As technology evolves, so do the tactics of cybercriminals, making it imperative for users to stay informed and take proactive measures to protect their digital assets and personal information.