In June, the Ministry of Public Security released the top ten high-frequency telecom network fraud types. According to the report, in 2023, the average age of telecom network fraud victims was 37 years old, with 62.1% between 18 and 40 years old and 33.1% between 41 and 65 years old.

Among the top ten high-frequency telecom network fraud cases disclosed by the Ministry of Public Security, a case involving the use of “screen sharing” technology to commit fraud attracted significant attention. In May 2024, Ms. Du from Wuxi, Jiangsu, received a video call at home from a person claiming to be a criminal investigation team officer of the Wuxi Public Security Bureau. In the video, a fake “police officer” dressed in uniform told Ms. Du that her bank card was suspected of money laundering and needed her cooperation for investigation. Following the instructions, Ms. Du downloaded a conferencing software for screen sharing to cooperate with the “officer” in verifying the funds in her bank account. The “officer” said that Ms. Du needed to transfer the funds in her bank account to a designated “safe account” to prove her innocence. During this process, to demonstrate the normal flow of funds, the “officer” also instructed Ms. Du to take out a bank loan of 150,000 yuan and transfer it to the “safe account.” Ms. Du only realized she was being scammed when her family discovered the situation.

In this case, the scammer induced the victim to enable screen sharing on her phone, leading to the leakage of her account passwords. Even if the scammer did not actively ask for information, they could see everything on the victim’s phone, including characters typed during password entry, received verification codes, and more, thereby transferring funds from the victim’s card.

How Scammers Use "Screen Sharing" for Fraud

"Screen sharing" is one of the application scenarios of Internet technology, where the screen information of one device is projected in real-time onto another device over the network. This includes screen apps, pop-up SMS, WeChat messages, other app notifications, the process of entering account passwords, unlocking, and all other real-time operations displayed on the screen. Originally designed to facilitate user sharing, this function has become a means for fraudsters to profit.

According to the analysis by Dingxiang Security Cloud Business Intelligence Center, scammers use “screen sharing” for fraud in four main steps:

1. Information Gathering and Trust Building: Scammers use illegal channels to obtain victim information and impersonate public security officers, shopping platform customer service, or campus loan cancellation staff to accurately match the victim’s situation and gain trust.

2. Tricking Victims into Enabling "Screen Sharing": Using apps with built-in screen sharing functions (QQ, Tencent Meeting, DingTalk, etc.), scammers can monitor all operations on the victim’s phone in real-time.

3. Monitoring Online Banking Accounts and Verification Codes: Scammers instruct victims to download apps and enable screen sharing. Using the previously obtained bank card numbers, they log into online banking to perform transfer operations while monitoring the received SMS verification codes in real-time.
4. Stealing Funds: Initially, scammers trick victims into transferring funds themselves. If the victim realizes the scam or hesitates, scammers use intercepted verification codes to directly perform transfers, moving the funds without the victim’s knowledge.

Dingxiang Device Fingerprinting Can Prevent This Risk

On Android devices, “screen sharing” is implemented through the MediaProjection service. MediaProjection is a technology available in Android 5.0 and above, allowing developers to capture or record the screen. When the MediaProjection service is requested, the Android system pops up a permission request box. Only after the user clicks "Confirm" can screen sharing or recording begin.

Dingxiang Device Fingerprinting can detect screen sharing calls from apps like DingTalk and Tencent Meeting in real-time and immediately issue alerts to warn users of potential risks.

When MediaProjection is initiated, the system automatically creates a virtual display. Dingxiang Device Fingerprinting can detect this additional display, confirm that the device is in “screen sharing” mode, and immediately report it to the risk control center. The risk control center will then issue an alert, warning the operator of the potential risk and advising caution.

Dingxiang Device Fingerprinting involves collecting and analyzing a device's hardware, software, and behavioral data to uniquely identify and recognize each device. By using Device Fingerprinting, virtual machines, proxy servers, simulators, and other maliciously controlled devices can be identified. This technology can analyze whether a device has multiple account logins, frequently changes IP addresses, or frequently changes device attributes, identifying abnormal or unusual user behaviors. This helps track and identify fraudulent activities, preventing insurance fraud incidents from occurring. Additionally, Device Fingerprinting can serve as an extra layer of identity verification, enhancing security during user login and transaction processes. By recording and comparing Device Fingerprinting, legitimate users and potential fraudsters can be distinguished. This technology supports Android, iOS, H5, public accounts, and mini-programs, effectively detecting risks such as simulators, rooted devices, jailbreaks, and injection hijacking. It features rapid countermeasures, efficient risk identification, over 99% stability, and 100% uniqueness.

How Users Can Prevent "Screen Sharing" Risks

"Screen sharing" is increasingly being used in various forms of scams. The final step in these scams is to trick the victim into using or downloading network video conferencing software that provides "screen sharing" functionality. The goal is to spy on the user’s phone operations to obtain critical information such as bank account passwords.

1. Do not casually enable the "screen sharing" function on your Android phone unless confirmed.

2. Immediately close any "screen sharing" invitations from strangers. Do not use the "screen sharing" function with strangers, as they can see all your operations, including entering passwords.

3. Be extremely cautious when dealing with private information, especially bank card passwords and verification codes. Do not disclose any such information to strangers.

When receiving suspicious video calls or phone calls, stay calm. Use an excuse like a bad signal to hang up and then immediately call back through another method to confirm the legitimacy of the call, avoiding direct responses to potential scam content.