KartavyaDesk
news

One link, total control: How screen-sharing scams are looting Indians

Kartavya Desk Staff

Imagine one evening you receive a message warning that your electricity connection will be disconnected because a bill payment is pending. The text looks routine, mentions MAHADISCOM (also known as Maharashtra State Electricity Distribution Company Limited), and urges you to call a number for clarification or asks you to enter your credentials. On calling, you are told only Rs 100 needs to be paid in order to keep your electricity connection and a link is promptly sent to your WhatsApp account or even through an SMS. Trusting the process, you click the link, enter your bank details, and complete the small transaction. Fifteen minutes later, your phone buzzes again, not with a receipt of the payment, but with alerts showing Rs 6.52 lakh quietly drained from your account in multiple transactions. When you check the link again, it has disappeared, leaving behind the realisation that a simple message and a moment’s trust were enough for fraudsters to wipe out a lifetime’s savings. Since 2022, one of the most common scams targeting unsuspecting senior users has been the ‘power bill’, which uses screen-sharing links to dupe potential victims. Talking to Indianexpress.com, Yogesh Vilankar, Deputy Chief Public Relations Officer (CPRO), MSEDCL Nagpur Region, said, “The consumers used to receive a message stating that their electricity connection will soon be disconnected if they do not pay a small sum. The message would be accompanied with a link, which was a link to a screen-sharing application. Through a rigorous awareness campaign, the department had to convey to its consumers that this was a scam.” Vilankar informed that an awareness message was widely shared with consumers through all possible media. He added that a visual displaying dos and don’ts is still displayed on the homepage of the MSEDCL official website. MSEDCL informed its consumers that they never ask them to contact any person. It always sends SMS from sender IDs like VM-MSEDCL, VK-MSEDCL or AM-MSEDCL, etc, and not from personal mobile numbers. The first two letters in a sender ID indicate the operator and location from where the message is being sent, and it ends with MSEDCL. ## What are screen-sharing scams? “Screen-sharing frauds are a type of social engineering fraud in which the attacker persuades the victim to install screen-sharing or remote access programs under the guise of customer support, KYC update, refund, or tech support. After gaining access, it is simple to have access to sensitive information in real-time, redirect the victim to banking apps and steal their credentials, or even make banking transactions as the fraudster works to manipulate the victim into approving their requests,” said Tarun Wig, Co-founder and CEO, Innefu Labs. “Screen-sharing scams mark a dangerous evolution in digital fraud, where criminals no longer rely only on stealing OTPs but manipulate victims into installing remote-access or malicious apps that hand over live control of their devices. While screen-sharing tools like AnyDesk and TeamViewer are a common entry point, these attacks often overlap with tech support, investment banking, and social engineering scams that target personal data, banking credentials, and even enable covert screen recording or keylogging,” informed Sneha Katkar, Head of Product Strategy, Quick Heal Technologies Ltd. ## Urgency leads to manipulation “What we are observing across the ecosystem is that these scams succeed not because of technical sophistication, but because of urgency and trust manipulation. A few minutes of remote access is often enough for fraudsters to map a user’s entire financial footprint and execute transactions before any control can react. With smartphones now functioning as wallets, banks, and identity vaults combined, screen access effectively becomes full account access,” said Amit Relan, CEO, mFilterIt. Pavan Karthick M, Threat Researcher, CloudSEK, said, “If you are sharing your screen, one should remember that scammers can modify the screen to look like something that it is not to deceive you and then coerce you into doing some financial transactions. You should remember that transactions can’t be done just by sharing your screen on your personal computer. But if you’re sharing the screen on a phone, then everything is possible because they can send a notification and read it right from the screen.” On a phone, scammers can see everything in real time, banking apps, incoming OTPs, SMS alerts, and notifications, as they appear on your screen. “Screen-sharing scams do not substitute OTP or phishing scams; they complement and supplement them. Fraudsters are also becoming more adept at combining tricks, screen sharing to overcome user suspicion, monitoring OTPs as they arrive and social engineering victims into accepting transactions themselves. This modern hybrid technique of scam-making is quicker, more persuasive, and harder to figure out,” added Tarun Wig. ## Warning signs Experts list the following warning signs to look for: – Urgent threats: Scammers create panic, such as disconnection of power, account suspension, refund expiry, and KYC failure, to rush you into acting without thinking. Urgency is used to bypass your judgment. – Personal numbers: Messages that come from 10-digit mobile numbers, not official sender IDs like VM-MSEDCL or VK-MSEDCL. – Request to download apps: Any request to download apps for completing a certain activity, such as bill payment, is a scam. See if there are links to apps like AnyDesk, TeamViewer, or unknown APKs. These apps themselves may be legitimate, but when someone asks you to install them during an unsolicited call or message, it is always a scam. – Calls to action: Asking for OTPs or to click on suspicious links. ## How to protect – Never download any apps or click on any suspicious links at the request of any caller. – Delete messages from unknown numbers asking for bill payments or KYC updates. – Communicate or pay bills only through official channels. – Verify: If you are suspicious about the message, contact the official sender. For example, contact the MSEDCL office in case there is a message in their name. ## What to do if scammed – Contact bank: Immediately inform your bank and freeze your account, halt all your future transactions. – Uninstall apps: Uninstall any unknown applications that you might have downloaded. – Report immediately: Contact the national cybercrime helpline 1930 or register a complaint at cybercrime.gov.in or visit the nearest police station. “Consumers and businesses must treat device visibility with the same sensitivity as financial credentials. No legitimate institution will ever request screen sharing or remote control. From an industry standpoint, prevention has to start earlier, through user awareness, behavioural risk signals, and continuous monitoring that detects suspicious actions in real time. Because once visibility is granted, compromise is immediate, and recovery is always reactive,” said Amit Relan. Kaushal Bheda, Director, Pelorus Technology, noted, “The darker threat is how state actors use similar methods for espionage. We are seeing them recruit insiders to plug a hardware device, known as an IP-KVM, into secure work computers. This device uses a mobile phone connection to create a secret link to the outside world. This allows malicious actors to enter the internal networks and access sensitive information without being detected. So, on one side, we have financial theft, and on the other, a risk to national security. These represent two separate spectrums of risk, one devastating the public at scale, and the other compromising the security of the nation.” ## The Safe Side As the world evolves, the digital landscape evolves as well, bringing new opportunities and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online. Ankita Deshkar is a Deputy Copy Editor and a dedicated fact-checker at The Indian Express. Based in Maharashtra, she specializes in bridging the gap between technical complexity and public understanding. With a deep focus on Cyber Law, Information Technology, and Public Safety, she leads "The Safe Side" series, where she deconstructs emerging digital threats and financial scams. Ankita is also a certified trainer for the Google News Initiative (GNI) India Training Network, specializing in online verification and the fight against misinformation. She is also an AI trainer with ADiRA (AI for Digital Readiness and Advancement) Professional Background & Expertise Role: Fact-checker & Deputy Copy Editor, The Indian Express Experience: Started working in 2016 Ankita brings a unique multidisciplinary background to her journalism, combining engineering logic with mass communication expertise. Her work often intersects regional governance, wildlife conservation, and digital rights, making her a leading voice on issues affecting Central India, particularly the Vidarbha region. Key focus areas include: Fact-Checking & Verification: As a GNI-certified trainer, she conducts workshops on debunking deepfakes, verifying viral claims, and using OSINT (Open Source Intelligence) tools. Cyber Law & IT: With postgraduate specialization in Cyber Law, she decodes the legalities of data privacy, digital fraud, and the evolving landscape of intellectual property rights. Public Safety & Health: Through her "The Safe Side" column, she provides actionable intelligence on avoiding "juice jacking," "e-SIM scams," and digital extortion. Regional Reporting: She provides on-ground coverage of high-stakes issues in Maharashtra, from Maoist surrenders in Gadchiroli to critical healthcare updates and wildlife-human conflict in Nagpur. Education & Credentials Ankita is currently pursuing her PhD in Mass Communication and Journalism, focusing on the non-verbal communication through Indian classical dance forms. Her academic foundation includes: MA in Mass Communication (RTM Nagpur University) Bachelors in Electrical Engineering (RTM Nagpur University) Post Graduate Diploma (PGTD) in Cyber Law and Information Technology Specialization in Intellectual Property Rights Recent Notable Coverage Ankita’s reportage is recognized for its investigative depth and emphasis on accountability: Cyber Security: "Lost money to a scam? Act within the 'golden hour' or risk losing it all" — A deep dive into the critical window for freezing fraudulent transactions. Public Health: "From deep coma to recovery: First fully recovered Coldrif patient discharged" — Investigating the aftermath of pharmaceutical toxins and the healthcare response. Governance & Conflict: "Gadchiroli now looks like any normal city: SP Neelotpal" — An analysis of the socio-political shift in Maoist-affected regions. Signature Beat Ankita is best known for her ability to translate "technical jargon into human stories." Whether she is explaining how AI tools like MahaCrimeOS assist the police or exposing the dire conditions of wildlife transit centres, her writing serves as a bridge between specialized knowledge and everyday safety. Contact & Follow X (Twitter): @ankita_deshkar Email: ankita.deshkar@indianexpress.com ... Read More

AI-assisted content, editorially reviewed by Kartavya Desk Staff.

About Kartavya Desk Staff

Articles in our archive published before our editorial team was expanded. Legacy content is periodically reviewed and updated by our current editors.

All News