When victims scan the QR codes, the websites become unresponsive and they are not taken to the official WhatsApp Web page.
Scammers who had embedded the QR codes in the phishing websites would then be able to gain remote access to the victims’ WhatsApp accounts.
They will message victims’ contacts asking for their personal details and online banking credentials. In some cases, they ask for money to be transferred to a bank account.
As victims can still access their WhatsApp accounts while scammers are concurrently using them, the victims will only discover their accounts have been compromised when they are notified by their contacts of “unusual requests”, said the police.