Republished on September 30 with new proposals for a U.S. national strategy on scams to combat the “national security crisis” now hitting Americans.
Attackers behind the billion-dollar hack surging across the U.S. will secure remote access to your device, the FBI warns. Then they empty your bank account. This is usually done by tricking you into installing malicious software. But a nasty new twist means attackers now use software already installed on your iPhone or Android.
The “phantom hacker” scam starts with a call or message pretending to be from your bank, warning that you have been hacked and offering to help you move your money to safety. That transfer is the real theft. It relies on remote viewing software to confirm where your money is saved. As soon as your call heads in this direction, stop it immediately.
Asking you to download software is a hurdle — there’s a risk it will raise your suspicions. And so attackers have found a devious way around this. Now just one wrong click and they will see everything you do on your smartphone in real time.
This is a little-known setting in WhatsApp, the world’s most popular messenger. The Meta-owned app has 3 billion global users and more than 100 million in the U.S. The FBI warning users to stop texting was a major boost to WhatsApp in America.
WhatsApp now offers screen sharing, which “allows people to share what’s on their screen in real time. You must be in a video call to share your screen.”
WhatsApp warns “we’ll remind you to only share your screen with people you trust,” because “the information displayed on your shared screen, including usernames and passwords, are visible to the person you’re sharing with.”
But despite the warning, this is now catching on fast with attackers (1,2,3), and because WhatsApp calls are fully encrypted, the platform cannot intercept the threat. “No one outside of the call, not even WhatsApp, can see or hear what you share on your screen.”
The initial attack will come by a regular phone call or message. The scammer then asks to move the call to WhatsApp, on the pretext that it’s more secure. There they perpetrate the Phantom Hacker attack to steal your life savings, asking you to share your screen. It’s the same as the original attack, but without the need to have you install software.
This isn’t just a WhatsApp issue. Do not share your screen with anyone you don’t know. If asked, stop the call. This is especially true with bank calls and tech support calls.
Do not engage. Report the approach. Contact organizations using regular channels. That also means you do not allow video calls — over WhatsApp or any other platform — if asked by a bank or tech support or customer support rep who reaches out.
Meanwhile, per Axios, “more than 80 leaders from the public, private and nonprofit sectors are calling for a whole-of-government strategy to crack down on scams.”
Many of these scams now rely on cross-border gangs and technologies, while AI has put an entirely new level of sophistication and authenticity in the hands of so many cyber criminals. This needs a unified approach and a new strategy.
“Every year, criminals defraud and scam American households out of more than $158 billion,” The Aspen Institute says in a new report just published. “This is a national security crisis, and the problem is only getting worse.”
The researchers call for “a coordinated national strategy that enables the government and private sector to work together to stop fraud, cut off criminal funding, and protect America.” They propose a “National Task Force on Fraud and Scam Prevention,” which will drive a strategy “to deny transnational crime networks billions of dollars in illicit profits while strengthening U.S. national security and protecting American consumers.”