WhatsApp Screen-Sharing KYC Scam — How to Identify & Stay Safe

Severity: CRITICAL | View Full Scam Details

WhatsApp Screen-Sharing KYC Scam: How It Steals OTPs and Bank Logins in Minutes

The WhatsApp Screen-Sharing KYC Scam is a fast-growing phishing technique targeting Indian users. Fraudsters pose as bank representatives, wallet executives, or utility service staff and convince victims to use WhatsApp’s screen share feature during a call. Once your screen is visible, they can watch you receive OTPs, view UPI prompts, and even capture credentials as you type—leading to unauthorized transactions.

This scam is especially dangerous because it doesn’t rely on complex malware. It relies on social engineering and the victim unintentionally giving real-time visibility into private apps and messages.

Why this scam is so dangerous

When you share your screen, you may accidentally expose:

• OTP messages from banks, UPI apps, and SIM providers
• UPI collect requests and payment confirmation screens
• Netbanking usernames/passwords (typed or auto-filled)
• Email inbox where password reset links arrive
• Personal identifiers like PAN, Aadhaar last digits, address, and account numbers

Even if you never “tell” the OTP out loud, the scammer can simply read it from your screen.

How the WhatsApp Screen-Sharing KYC Scam works

Step 1: The bait (KYC, bill, or service disconnection)

You receive a WhatsApp call or message from an unknown number. The scammer claims:

• “Your bank KYC is pending, account will be blocked.”
• “Your electricity/gas bill verification is required today.”
• “Your wallet/UPI will be suspended if you don’t update.”

They create urgency and pressure so you don’t verify the request.

Step 2: Getting you to start Screen Share

They guide you step-by-step:

• “Open WhatsApp.”
• “Tap the screen share icon.”
• “Now I can help you complete KYC quickly.”

Because WhatsApp screen share is a legitimate feature, many users assume it is safe.

Step 3: The “test transaction” trick

A common tactic is asking you to perform a small “test” action while sharing the screen:

• “Just check your balance.”
• “Approve a ₹1/₹10 verification.”
• “Open your UPI app and confirm the request.”

This is often where victims accidentally approve a collect request or authorize a debit.

Step 4: OTP/credential capture and account takeover

While you are sharing the screen, the scammer may ask you to:

• Open your SMS app (to “read reference number”)
• Open your email (to “verify OTP received”)
• Log into netbanking (to “confirm KYC details”)

They can see OTPs, password entries, and security prompts. In some cases, they immediately use that information to:

• Transfer money via UPI
• Add a beneficiary in netbanking
• Reset passwords using email/SMS OTPs

Red flags to spot immediately

Requests to share your mobile screen

No bank or utility provider needs WhatsApp screen sharing for KYC.

Demands to do a small “test” transaction while screen-sharing

Any request to “verify” by paying money or approving a collect request is a strong scam indicator.

Urgency about utility disconnection or account blocking

Scammers rely on fear: “It will be disconnected today” or “Your account will be frozen in 10 minutes.”

Pushing WhatsApp instead of official channels

Legitimate organizations use their official app, website, or registered customer care numbers—not random WhatsApp calls.

How to protect yourself (practical steps)

1) Never share your screen with strangers

If anyone asks for screen sharing for KYC, assume it’s fraud.

2) Never share OTP, UPI PIN, or card details

Remember:

• OTP is as sensitive as your password.
• UPI PIN should never be entered while someone is watching your screen.

3) Verify through official sources only

If the caller claims to be from your bank or utility provider:

• Disconnect the call
• Open the official app/website
• Call the customer care number listed there

Do not trust numbers sent via WhatsApp.

4) Lock down your phone

• Enable screen lock and app lock for UPI/banking apps
• Turn on two-factor authentication for email
• Hide SMS previews on lock screen

What to do if you already shared your screen

Act immediately (first 10–30 minutes)

1. Stop screen share and end the call.

2. Call your bank using official numbers and request:

- Temporary block on cards/UPI

- Freeze suspicious transactions if possible

3. Change passwords for:

- Email

- Netbanking

- UPI/wallet apps (where applicable)

4. Check for:

- New beneficiaries added

- Unauthorized UPI mandates/collect requests

- Password reset emails or OTP activity

Preserve evidence

• Screenshot the WhatsApp number, chat, and call history
• Note date/time and any UPI transaction IDs

FAQ

What is WhatsApp Screen-Sharing KYC Scam?

It is a phishing scam where fraudsters pose as bank/utility staff and persuade you to share your phone screen on WhatsApp. They use the shared view to capture OTPs, UPI prompts, and credentials to steal money or take over accounts.

How does it work?

The scammer creates urgency (KYC pending/disconnection threat), makes you start WhatsApp screen share, then asks you to open SMS/UPI/netbanking/email or do a “test transaction.” They read OTPs and watch confirmations to perform unauthorized transfers.

How to protect?

Never screen-share with unknown callers, never enter OTP/UPI PIN while someone can see your screen, and always verify requests via official bank/utility apps or website numbers. Enable app locks and 2FA for email.

How to report in India?

• Call your bank immediately and report unauthorized transactions.
• Report cyber fraud to the National Cyber Crime Reporting Portal: https://cybercrime.gov.in
• Call the cyber fraud helpline 1930 (India) as soon as possible.
• File a complaint with details: WhatsApp number, screenshots, transaction IDs, and timestamps.

Stay protected

Scams evolve quickly, but the rule is simple: no legitimate KYC process requires WhatsApp screen sharing. If pressured, pause and verify.

Check any suspicious message free at bharatsecure.app.