Cybercriminals have managed to figure out a clever new way of stealing money from innocent victims. Amidst the ongoing wedding season in India, they have exploited the trend to their advantage, duping innocent victims of thousands of rupees – all orchestrated via WhatsApp. Based on media reports, cyber criminals have exploited the ongoing wedding season in a new wave of fraud, using fake digital wedding invitation links sent via WhatsApp to hack mobile phones and steal money.
In an incident reported by Zee News, Dr Omprakash Chauhan, a resident of Dhampur in Bijnor district, lost Rs 31,000 instantly after clicking on a malicious link he received on his WhatsApp.
UP man loses control of phone and funds instantly
According to Dr. Chauhan’s complaint, he completely lost control of his mobile phone the moment he clicked the link sent on his WhatsApp account, disguised as a wedding invitation. Simultaneously, Rs 31,000 was deducted from his bank account. He stated that all his personal information was quickly transferred to an account identified as “Cyber Thakur.”
After realising he had fallen victim to a sophisticated cyber scam, Chauhan filed a complaint with his local police station and the Bijnor Cybercrime Police Station, where an investigation is currently underway.
How the ‘APK File’ scam works
Cyber experts warn that the fraudulent digital invitations are often disguised as APK (Android Package Kit) files, which are executable application files. When a user downloads and opens this file, the malware app is immediately activated on the smartphone. This malware gives the fraudsters complete remote control over the victim’s device, granting them access to bank accounts, UPI apps, passwords, and sensitive mobile data.
A dangerous aspect of this scheme is the self-propagation method. Once a phone is compromised, the same malicious wedding card link is automatically sent to the victim’s entire contact list, continuously expanding the network of potential victims.
Police issue public warning, share tips to stay safe
Following this and other similar incidents, local police are urging the public to be extremely vigilant. Dr Krishna Gopal, Assistant Superintendent of Police (ASP), City Bijnor, advised citizens to exercise caution and scrutiny before opening any link, file, or wedding invitation from an unknown number. He specifically warned against downloading APK files shared by unknown contacts via WhatsApp and other messaging apps, as well as sharing One-Time Passwords (OTPs) with anyone.
Additionally, readers are urged to apply two-factor authentication (2FA) verification for banking as well as other social accounts where password and OTP is involved.
