Imagine one evening you receive a message warning that your electricity connection will be disconnected because a bill payment is pending. The text looks routine, mentions MAHADISCOM (also known as Maharashtra State Electricity Distribution Company Limited), and urges you to call a number for clarification or asks you to enter your credentials.
On calling, you are told only Rs 100 needs to be paid in order to keep your electricity connection and a link is promptly sent to your WhatsApp account or even through an SMS. Trusting the process, you click the link, enter your bank details, and complete the small transaction.
Fifteen minutes later, your phone buzzes again, not with a receipt of the payment, but with alerts showing Rs 6.52 lakh quietly drained from your account in multiple transactions. When you check the link again, it has disappeared, leaving behind the realisation that a simple message and a moment’s trust were enough for fraudsters to wipe out a lifetime’s savings.
Since 2022, one of the most common scams targeting unsuspecting senior users has been the ‘power bill’, which uses screen-sharing links to dupe potential victims.
Talking to Indianexpress.com, Yogesh Vilankar, Deputy Chief Public Relations Officer (CPRO), MSEDCL Nagpur Region, said, “The consumers used to receive a message stating that their electricity connection will soon be disconnected if they do not pay a small sum. The message would be accompanied with a link, which was a link to a screen-sharing application. Through a rigorous awareness campaign, the department had to convey to its consumers that this was a scam.”
Vilankar informed that an awareness message was widely shared with consumers through all possible media. He added that a visual displaying dos and don’ts is still displayed on the homepage of the MSEDCL official website. MSEDCL informed its consumers that they never ask them to contact any person. It always sends SMS from sender IDs like VM-MSEDCL, VK-MSEDCL or AM-MSEDCL, etc, and not from personal mobile numbers. The first two letters in a sender ID indicate the operator and location from where the message is being sent, and it ends with MSEDCL.
What are screen-sharing scams?
“Screen-sharing frauds are a type of social engineering fraud in which the attacker persuades the victim to install screen-sharing or remote access programs under the guise of customer support, KYC update, refund, or tech support. After gaining access, it is simple to have access to sensitive information in real-time, redirect the victim to banking apps and steal their credentials, or even make banking transactions as the fraudster works to manipulate the victim into approving their requests,” said Tarun Wig, Co-founder and CEO, Innefu Labs.
Story continues below this ad
“Screen-sharing scams mark a dangerous evolution in digital fraud, where criminals no longer rely only on stealing OTPs but manipulate victims into installing remote-access or malicious apps that hand over live control of their devices. While screen-sharing tools like AnyDesk and TeamViewer are a common entry point, these attacks often overlap with tech support, investment banking, and social engineering scams that target personal data, banking credentials, and even enable covert screen recording or keylogging,” informed Sneha Katkar, Head of Product Strategy, Quick Heal Technologies Ltd.
Urgency leads to manipulation
“What we are observing across the ecosystem is that these scams succeed not because of technical sophistication, but because of urgency and trust manipulation. A few minutes of remote access is often enough for fraudsters to map a user’s entire financial footprint and execute transactions before any control can react. With smartphones now functioning as wallets, banks, and identity vaults combined, screen access effectively becomes full account access,” said Amit Relan, CEO, mFilterIt.
Pavan Karthick M, Threat Researcher, CloudSEK, said, “If you are sharing your screen, one should remember that scammers can modify the screen to look like something that it is not to deceive you and then coerce you into doing some financial transactions. You should remember that transactions can’t be done just by sharing your screen on your personal computer. But if you’re sharing the screen on a phone, then everything is possible because they can send a notification and read it right from the screen.” On a phone, scammers can see everything in real time, banking apps, incoming OTPs, SMS alerts, and notifications, as they appear on your screen.
“Screen-sharing scams do not substitute OTP or phishing scams; they complement and supplement them. Fraudsters are also becoming more adept at combining tricks, screen sharing to overcome user suspicion, monitoring OTPs as they arrive and social engineering victims into accepting transactions themselves. This modern hybrid technique of scam-making is quicker, more persuasive, and harder to figure out,” added Tarun Wig.
Story continues below this ad
Warning signs
Experts list the following warning signs to look for:
– Urgent threats: Scammers create panic, such as disconnection of power, account suspension, refund expiry, and KYC failure, to rush you into acting without thinking. Urgency is used to bypass your judgment.
– Personal numbers: Messages that come from 10-digit mobile numbers, not official sender IDs like VM-MSEDCL or VK-MSEDCL.
– Request to download apps: Any request to download apps for completing a certain activity, such as bill payment, is a scam. See if there are links to apps like AnyDesk, TeamViewer, or unknown APKs. These apps themselves may be legitimate, but when someone asks you to install them during an unsolicited call or message, it is always a scam.
Story continues below this ad
– Calls to action: Asking for OTPs or to click on suspicious links.
How to protect
– Never download any apps or click on any suspicious links at the request of any caller.
– Delete messages from unknown numbers asking for bill payments or KYC updates.
– Communicate or pay bills only through official channels.
– Verify: If you are suspicious about the message, contact the official sender. For example, contact the MSEDCL office in case there is a message in their name.
Story continues below this ad
What to do if scammed
– Contact bank: Immediately inform your bank and freeze your account, halt all your future transactions.
– Uninstall apps: Uninstall any unknown applications that you might have downloaded.
– Report immediately: Contact the national cybercrime helpline 1930 or register a complaint at cybercrime.gov.in or visit the nearest police station.
“Consumers and businesses must treat device visibility with the same sensitivity as financial credentials. No legitimate institution will ever request screen sharing or remote control. From an industry standpoint, prevention has to start earlier, through user awareness, behavioural risk signals, and continuous monitoring that detects suspicious actions in real time. Because once visibility is granted, compromise is immediate, and recovery is always reactive,” said Amit Relan.
Story continues below this ad
Kaushal Bheda, Director, Pelorus Technology, noted, “The darker threat is how state actors use similar methods for espionage. We are seeing them recruit insiders to plug a hardware device, known as an IP-KVM, into secure work computers. This device uses a mobile phone connection to create a secret link to the outside world. This allows malicious actors to enter the internal networks and access sensitive information without being detected. So, on one side, we have financial theft, and on the other, a risk to national security. These represent two separate spectrums of risk, one devastating the public at scale, and the other compromising the security of the nation.”
The Safe Side
As the world evolves, the digital landscape evolves as well, bringing new opportunities and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.
