Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
phishing-campaign-intelligencevoice-social-engineeringcredential-access-methodfinancial-sector-threat

Social Engineering Scams Exploiting Mobile Device Features to Steal Credentials and Funds

Updated 2d agoFirst seen Nov 13, 20252 sources

Cybercriminals are increasingly leveraging built-in features of popular mobile platforms to execute sophisticated social engineering scams aimed at stealing sensitive credentials and financial assets. On WhatsApp, scammers exploit the screen-sharing function by impersonating trusted entities such as bank employees or support agents, coercing victims into sharing their screens under the pretense of resolving urgent security issues. This access enables attackers to view and capture one-time passwords (OTPs), banking details, and other personal information, resulting in significant financial losses. In response, Meta has introduced AI-powered safety tools, including real-time warnings when users attempt to share their screens with unknown contacts, to mitigate these attacks.

Similarly, iPhone users are being targeted through phishing campaigns that exploit the "Find My" feature. After a device is lost or stolen, scammers send convincing fake messages—purportedly from Apple Support—containing links that claim to help locate the missing phone. By leveraging accurate device details and the victim's sense of urgency, attackers trick users into divulging their Apple ID credentials, potentially granting full access to personal data and accounts. Authorities such as Switzerland’s National Cyber Security Centre have issued warnings about these tactics, emphasizing the need for heightened vigilance when responding to unsolicited messages related to lost devices.

Share:
Social Engineering Scams Exploiting Mobile Device Features to Steal Credentials and Funds
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

2 events from the most recent confirmed update back to the earliest known activity.

2 EVENTS
Nov 13, 20258mo ago

Scammers use WhatsApp screen sharing to capture OTPs and steal money

Fraudsters were reported abusing WhatsApp's screen-sharing feature to watch victims enter one-time passwords and other sensitive information, enabling theft from financial accounts. The scam relied on social engineering to persuade targets to share their screens during the interaction.

Nov 11, 20258mo ago

Fake 'Find My' phishing messages target people who lost iPhones

A phishing scam emerged in which victims who had lost an iPhone received fraudulent 'Find My' messages designed to trick them into revealing their Apple ID credentials. The campaign abused the urgency around locating a missing device to harvest account access.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

2 LINKEDOpen in app
Organizations
2 linked
Meta PlatformsEset
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.