Press Information Bureau (PIB) has alerted State Bank of India’s customers regarding a prevalent online scam. The Fact-Check Unit of the PIB through a social media post has shared the modus operandi the cybercriminals are using to deceive SBI customers.

These fraudsters are targeting the bank’s customers by sending a message asking them to download an app called ‘SBI Rewards.’

In a post on social media platform ‘X’, the PIB Fact Check Unit alerted customers, “Did you also receive a message asking you to download & install an APK file to redeem SBI rewards. Never download unknown files or click on such links.”

How do scammers target users?

The deceptive message shared by the PIB’s Fact-Checking Unit appears as “Dear Valued Customers, Your SBI NetBanking reward points (Rs 9980) will expire today! Now Redeem through SBI Reward App Install & claim your reward by cash deposit in your account. Thankyou

Download file will look like ”SBI REWARD27..APK”

How does APK File scam happen?

An APK file scam is a type of malware scam that involves sending a fake APK file to trick a user into downloading a malicious app. The app can then steal the user’s personal data, such as banking information, contact information, and SMS content, according to RBL bank.

“Think of it as the Android equivalent of an executable file (.exe) on Windows. These files contain all the elements an app needs to install on your device. Typically, users can download APK files from the Google Play Store, the official and most trusted source. However, APK files can also be obtained from third-party sources, which are not guaranteed to be safe. While third-party app stores can offer legitimate apps, they also pose significant security risks,” according to the bank’s website.

Also read: New Banking Frauds: PNB customers alert! Fraudsters targeting you via APK files | What they are and how to protect

According to the AU Small Finance Bank website, “Hackers first need to get the victims to install the malicious APKs on their mobile devices, for which hacker may employ social engineering tactics. When the victim installs the APK by clicking on it, he/she may receive numerous warning messages highlighting the dangers of installing apps from unknown sources. The victim can also see that the app is requesting a lot of permissions e.g., access to camera, microphone, location, contacts, SMS, etc. Post installation, the hacker receives a connection on his hacking device, thus granting access and control of infected device with hacker to facilitate malicious actions.”

PNB also sent customers an alert on APK file scam

In August last year, Punjab National Bank (PNB) had warned its customers against similar tactics used by fraudsters to deceive them. The bank warned the customers that cybercriminals were distributing APK files via WhatsApp and text messages.

As part of their modus operandi, scammers sent a message or link to bank customers and upon clicking these links, control of the mobile device was getting transferred to fraudsters, leading to the theft of banking credentials and financial losses from customer’s account.

PNB advised its customers to avoid clicking on APK files or links from unverified sources and to follow precautionary steps to protect themselves against such cybercrimes:

Follow these precautionary steps to protect yourself from cyber fraud:

Immediately ignore and delete any suspicious messages.

Refrain from clicking on any links within these messages.

Only install mobile apps from trusted sources, avoiding downloads through links or APK files.

Never share payment details, including debit/credit card numbers, expiry dates, CVV, PINs, passwords, or OTPs. The bank will never request this information from you.

Report any suspicious messages or apps to the National Cyber Crime Reporting Portal at https://cybercrime.gov.in.

In case of cyber fraud, customers should immediately contact the National Cyber Crime Reporting Helpline at 1930 or file a complaint at https://cybercrime.gov.in. Additionally, customers can lodge complaints through the bank’s toll-free numbers at 18001800, 18002021, 18001802222, 18001032222, or 0120-2490000 to prevent further loss. For credit card-related fraud, customers may call the toll-free number 18001802345. These numbers are also listed on the back of debit/credit cards and on the bank’s website – https://www.pnbindia.in.