SINGAPORE: Pay close attention to what is in your Web browser’s address bar the next time you log in to WhatsApp Web as it could be a new variant of phishing scams instead.

In a media statement on Oct 27, the police warned of fraudulent websites that “trick users into authorising access to their WhatsApp account for the scammers”.

In these cases, victims wanting to use WhatsApp on their computers searched for the official WhatsApp Web webpage on online search engines and clicked on the first few search results without verifying the URL links.

The links took them to phishing websites embedded with the genuine QR code extracted from the official website of WhatsApp, said the police.

When victims scanned the QR code on the phishing website with their mobile phones, the page became unresponsive and scammers gained remote access to their WhatsApp accounts.

The scammers then messaged the victims’ contacts asking for personal details and Internet banking credentials, or for money transfers to a designated bank account.

Even though the victims would have noticed that the QR codes on the fake phishing websites did not bring them to WhatsApp Web’s desktop interface, they did not immediately realise that their accounts had been compromised as they could still access WhatsApp.

“The victims would only discover that their WhatsApp accounts were compromised when they were notified by their contacts of unusual requests such as asking for transfer of monies or i-banking credentials,” the police said.

Members of the public are advised to always ensure that they are using the official WhatsApp Desktop App and visiting the official WhatsApp Web webpage at https://web.whatsapp.com.

One should also refrain from sharing WhatsApp account verification codes, enable two-step verification on WhatsApp and check linked devices on WhatsApp regularly, the police added. – The Straits Times (Singapore)/Asia News Network