A 42-year-old businessman from Nayandahalli in Bengaluru fell victim to a cyber fraud, losing Rs 5 lakh after his smartphone was compromised through a malicious WhatsApp message disguised as a wedding invitation. The incident highlights the growing threat of APK-based scams targeting unsuspecting users.
How the Scam Unfolded
The victim received a message on WhatsApp from a number belonging to an acquaintance. The message contained a file named 'Wedding Apk File Invitation'. Trusting the sender, the businessman downloaded and clicked on the APK file. Immediately, the malicious application granted remote access to fraudsters, allowing them to control the device.
Remote Access and Financial Loss
Once the APK was installed, cybercriminals gained full control of the phone. They accessed sensitive information, including banking credentials and OTPs. Within hours, Rs 5 lakh was siphoned from the victim's bank account through unauthorized transactions. The businessman realized the fraud only when he checked his account balance.
Modus Operandi of the Scammers
Fraudsters often use social engineering tactics to trick users into installing malicious APK files. In this case, the wedding invitation theme was chosen to appear legitimate. The APK file was a remote access trojan (RAT) that allowed hackers to:
- View and control the victim's screen in real time
- Access contacts, messages, and call logs
- Intercept OTPs and passwords
- Make unauthorized transactions
Police Investigation and Advisory
The victim filed a complaint at the local cybercrime police station. Police have registered a case under relevant sections of the Information Technology Act and are investigating the source of the APK file. Authorities have urged citizens to exercise caution when receiving unsolicited files, even from known contacts.
Preventive Measures
To avoid falling prey to such scams, cybersecurity experts recommend the following:
- Never download APK files from untrusted sources, including WhatsApp messages
- Verify with the sender before clicking on any file, especially if it seems unusual
- Install reliable antivirus software on mobile devices
- Enable two-factor authentication for banking apps
- Avoid granting unnecessary app permissions
This incident serves as a stark reminder that cybercriminals are constantly devising new ways to exploit trust and technology. Staying vigilant and following basic cybersecurity practices can prevent significant financial and personal data loss.
