Straitstimes.com header logo

Beware of phishing scam involving fake ‘WhatsApp Web’ pages: Police

Sign up now: Get ST's newsletters delivered to your inbox

FILE PHOTO: A keyboard is placed in front of a displayed WhatsApp logo in this illustration taken February 21, 2023. REUTERS/Dado Ruvic/Illustration/File Photo

Pay close attention to what is in your Web browser’s address bar the next time you log into WhatsApp Web, the police said.

PHOTO: REUTERS

avatar-alt

Carmen Sin

Follow topic:

SINGAPORE – Pay close attention to what is in your Web browser’s address bar the next time you log in to WhatsApp Web as it could be a new variant of phishing scams instead.

In a media statement on Friday, the police warned of fraudulent websites that “trick users into authorising access to their WhatsApp account for the scammers”.

In these cases, victims wanting to use WhatsApp on their computers searched for the official WhatsApp Web webpage on online search engines and clicked on the first few search results without verifying the URL links.

The links took them to phishing websites embedded with the genuine QR code extracted from the official website of WhatsApp, said the police.

When victims scanned the QR code on the phishing website with their mobile phones, the page became unresponsive and scammers gained remote access to their WhatsApp accounts.

The scammers then messaged the victims’ contacts asking for personal details and Internet banking credentials, or for money transfers to a designated bank account.

Even though the victims would have noticed that the QR codes on the fake phishing websites did not bring them to WhatsApp Web’s desktop interface, they did not immediately realise that their accounts had been compromised as they could still access WhatsApp.

“The victims would only discover that their WhatsApp accounts were compromised when they were notified by their contacts of unusual requests such as asking for transfer of monies or i-banking credentials,” the police said.

When victims scan the QR code on the phishing websites with their mobile phones, the page would be unresponsive, and scammers would gain remote access to their WhatsApp accounts.

PHOTO: SINGAPORE POLICE FORCE

Members of the public are advised to always ensure that they are using the official WhatsApp Desktop App and visiting the official WhatsApp Web webpage at

https://web.whatsapp.com

.

One should also refrain from sharing WhatsApp account verification codes, enable two-step verification on WhatsApp and check linked devices on WhatsApp regularly, the police added.

For more information on scams, members of the public can visit

www.scamalert.sg

or call the Anti-Scam Helpline on 1800-722-6688.

More on this topic
Do not download fake Anti Scam Centre app onto Android devices: Police
How to spot a phishing scam, even one crafted by AI
See more on

E-paper

Newsletters

Podcasts

RSS Feed

About Us

Terms & Conditions

Privacy Policy

Need help? Reach us here.

Advertise with us

Download the app

Get unlimited access to exclusive stories and incisive insights from the ST newsroom
Subscribe Placeholder
MDDI (P) 046/10/2025. Published by SPH Media Limited, Co. Regn. No.202120748H. Copyright © 2025 SPH Media Limited. All rights reserved.