Ahmedabad Businessman Loses Rs 31.42 Lakh in Cyber Fraud via Malicious APK File
A 46-year-old businessman from Nikol, Ahmedabad, has filed a complaint with the cybercrime police after Rs 31.42 lakh was illegally siphoned from his company's cash credit account through multiple online transactions within just 20 minutes. The incident underscores the escalating risks of digital fraud in India's financial sector.
Details of the Complaint and Business Setup
The complainant, a resident of Nikol-Naroda Road, operates a submersible pump parts trading company in Naroda GIDC Phase-I along with a business partner. The company maintains a joint cash credit account with a private bank, which is linked to both partners' mobile numbers for transaction alerts. However, one-time passwords (OTPs) for transactions are received exclusively on the complainant's phone, a security measure that failed to prevent the fraud.
Sequence of Events Leading to the Fraud
According to the complaint filed on February 16, the unauthorized transactions occurred following a suspicious incident on January 21. The complainant's partner received an APK file via a WhatsApp group message, purportedly intended for checking an RTO e-challan. When the file was opened, it requested Aadhaar and PAN details, which prompted immediate suspicion, and the file was closed.
On January 28, around 1 PM, the partner's WhatsApp application stopped functioning. After restarting the phone, a message indicated that the app would resume only after OTP verification. Within 30 minutes, the account became active again, suggesting potential unauthorized access.
Later that evening at approximately 7:58 PM, both partners began receiving SMS alerts indicating funds were being debited from the company's Yes Bank account. In a rapid 20-minute span, nine transactions totaling Rs 31,42,665 were processed without their knowledge. The individual transaction amounts varied from Rs 55,000 to Rs 6.73 lakh. Notably, the complainant confirmed that no OTPs were received for these transactions, indicating a breach in the banking security protocols.
Immediate Actions and Investigation
A complaint was promptly registered on the national cyber helpline. Concurrently, Rs 25,000 was debited from the partner's personal savings account with the same bank, leading to a separate complaint. Authorities have initiated an investigation to trace the beneficiary accounts and follow the digital trail left by the perpetrators.
Officials suspect that the APK file was malicious and designed to gain unauthorized access to banking credentials, enabling the fraudulent transactions. This case highlights critical vulnerabilities in digital banking security and the sophisticated methods employed by cybercriminals.
Broader Implications and Recommendations
This incident serves as a stark reminder for businesses and individuals to exercise extreme caution with unsolicited digital files and links. Key recommendations include:
- Avoid downloading files from unknown sources: Especially APK files or any attachments in unsolicited messages.
- Verify requests for personal information: Legitimate entities rarely ask for sensitive details like Aadhaar or PAN via unofficial channels.
- Monitor bank accounts regularly: Enable all available security features and report any suspicious activity immediately.
- Use multi-factor authentication: Ensure robust security measures beyond OTPs, such as biometric verification or hardware tokens.
As cybercrime continues to evolve, proactive measures and heightened awareness are essential to safeguard financial assets in an increasingly digital world.
