A sophisticated new wave of cyber fraud has hit Visakhapatnam, leaving residents bewildered as criminals drain funds from credit and debit cards without the victims ever sharing One-Time Passwords (OTPs). In a disturbing trend, more than 20 individuals in the port city have collectively lost over Rs 10 lakh in recent weeks to these advanced scams.
The Invisible Theft: How Money Vanished Without OTPs
The common thread in all complaints is that victims noticed unauthorized transactions on their statements despite never revealing sensitive OTPs to anyone. In one alarming case, a 40-year-old defence employee approached the Visakhapatnam cybercrime police after Rs 75,000 was spent using his credit cards. He confirmed receiving OTP messages but insisted he never shared them.
Another resident, referred to as KS Kumar, faced a shocking bill of over Rs 1 lakh on his first credit card, issued in 2025, despite not having used it for any purchases. In a separate incident, a city resident lost more than Rs 1.5 lakh after merely providing his name and mobile number to an online delivery service. Yet another victim discovered a fraud of nearly Rs 2 lakh only upon receiving the credit card statement.
The Hacker's Tool: Malicious APK Files
Explaining the modus operandi, Inspector K Bhavani Prasad of the Visakhapatnam Cybercrime Police highlighted the role of malicious APK files. "These files allow fraudsters to receive OTPs along with the cardholder, enabling them to withdraw money without the victim’s knowledge," he stated. Victims often unknowingly download these files from links sent by fraudsters.
Cyber experts point to additional vulnerabilities, including weak security measures like the absence of two-step verification and the use of contactless cards. Fraudsters are also actively sending fake UPI links to trap unsuspecting users.
Festive Season Brings Increased Threats
With the Sankranti festival around the corner, cybercriminals have intensified their attacks. They are luring people with fake offers related to reward point redemptions, cashback schemes, and credit limit increases. Posing as bank officials, they promise lifetime free credit cards and send fraudulent links to harvest banking details.
Police have issued crucial safety tips for the public:
- Do not open APK file links sent by unknown persons.
- Never share bank or card details with anyone over call, message, or email.
- Be extremely cautious of messages claiming reward redemption or credit limit increases.
- Fraudsters often impersonate bank officials; always verify directly with your bank.
- Once a malicious link is clicked or a rogue app installed, criminals can gain access to your banking information.
- If you receive a suspicious call or message, disconnect immediately and contact your bank's official number.
- Report any cyber fraud immediately by calling the national helpline number 1930.
The series of incidents in Visakhapatnam serves as a stark reminder of the evolving tactics of cyber fraudsters, who are now finding ways to bypass traditional security layers like OTPs. Vigilance and adherence to cybersecurity guidelines are paramount to safeguard hard-earned money.
