Stay Alert: Vigilance Needed to Prevent WhatsApp QR Code Fraud

The National Cybercrime Threat Analytics Unit of I4C has identified an emerging transnational crime trend where certain Facebook & Instagram accounts are publishing advertisements that claim users can “earn cash automatically” by linking their WhatsApp accounts with their platform. These advertisements redirect users to fraud Web pages or Android mobile applications (.apk) that imitate legitimate earning platforms.

Unsuspecting individuals are lured by promises of high commissions and passive income, and are instructed to connect their WhatsApp accounts through QR codes. This campaign is orchestrated by threat actors to exploit WhatsApp’s linked device feature which allows web based access to WhatsApp. Such accounts are effectively being rented out as “mule WhatsApp accounts”, which may subsequently be used for illegal activities such as fraud, scams, or dissemination of malicious content.

Please See: The National Cybercrime Threat Analytics Unit of I4C Advisory

Modus Operandi: Luring Users with ‘Automatic Cash’

The scam’s execution model is highly organized, primarily targeting users on social media platforms:

1. Advertisement Campaign: Threat actors publish advertisements on Meta platforms (Facebook & Instagram). These ads falsely claim that users can earn “automatic commissions” or “quick income” by linking their WhatsApp accounts.
2. Redirection to Malicious Sources: Unsuspecting users are redirected to fraudulent web pages or are prompted to install malicious Android applications (.apk), which imitate legitimate earning platforms.
3. Account Linking via QR Code: Victims are then instructed to scan a QR code displayed on the scam platform using their WhatsApp’s ‘Linked Devices’ feature. Once scanned, the scammer’s system instantly gains linked-device access to the victim’s entire WhatsApp account.
4. Commission Pyramid Scheme: To sustain the fraud and harvest more accounts, the scammers promote a multi-level commission structure (e.g., 10%, 5%, 2% on subsequent referrals). This scheme encourages continuous sharing, rapidly building a large pyramid-like network of compromised accounts.
5. Abuse of Mule Accounts: The stolen “mule WhatsApp accounts” are then used to scale up criminal activities, including phishing, payment fraud, and recruitment for further illicit services.

Precautions

I4C has strongly advised the public to exercise caution and adhere to the following safety measures:

• Legal Consequences: Renting your WhatsApp account or receiving illicit funds can lead to severe legal consequences, including arrest.
• Avoid Unknown APKs: Strictly avoid installing any APK files from unknown or unverified sources.
• Be cautious of Meta Ads: Be extremely cautious of Meta Ads that promise quick income, high referral commissions, or automatic cash earnings, especially those related to volatile areas like stock market investment.
• Check Linked Devices: Periodically check your WhatsApp settings by navigating to ‘Linked Devices’ and immediately log out any suspicious or unrecognized devices.

Reporting and Support

Victims of financial fraud should also immediately report the incident on the National Cybercrime Reporting Portal at www.cybercrime.gov.in or call the helpline 1930.