As Hyderabad gears up to welcome the New Year 2026, the Telangana Police have issued a critical warning to citizens about a surge in sophisticated cyber fraud. Cyber criminals are exploiting the festive spirit by circulating dangerous "Greeting Scams" on popular messaging platforms like WhatsApp and Telegram.
How the New Year Greeting Scams Work
According to authorities, the scam begins with a seemingly innocent New Year message. The Telangana Cyber Security Bureau (TGCSB) reports that scammers first hack into a person's account. They then use that compromised account to send messages to the victim's entire contact list.
The message often contains a link that promises a "special personalised greeting," a "New Year gift," or even a fake "SBI year-end reward." Because the link appears to come from a known and trusted contact, recipients are more likely to let their guard down and click on it.
The Dangerous Consequences of Clicking the Link
Police explain that the moment a user clicks the festive link, a malicious Android Package Kit (APK) file installs itself silently on the mobile device. Instead of displaying a cheerful greeting card, this malware grants hackers remote access to the phone.
Shikha Goel, the head of the TGCSB, starkly warned, "People believe they are opening a greeting card, but in reality, they are handing over the keys to their bank account." The malware effectively "kidnaps" the phone, going far beyond simple data theft.
Cyber experts detail that once installed, the malicious software allows criminals to:
- Read all SMS messages, including one-time passwords (OTPs) for banking.
- Access photos, contacts, and personal files.
- Remotely activate the device's microphone.
- Bypass two-factor authentication on financial apps.
Furthermore, the attackers seize control of the victim's WhatsApp account. They then automatically forward the same scam link to the victim's family, friends, and office groups, creating a vicious cycle of infection that spreads rapidly through trusted networks.
Essential Safety Guidelines from Telangana Cyber Security Bureau
To protect citizens during the New Year celebrations, the TGCSB has issued a clear set of guidelines:
Never click on unsolicited links: Avoid opening any links sent as greetings, gifts, or offers, even if they appear to come from friends or family. Verify through a separate call or message.
Block APK installations from messages: Do not install any application files (.APK) sent through WhatsApp, Telegram, or other messaging platforms. Only use official app stores.
Enable Two-Step Verification: Turn on two-factor authentication (2FA) within your WhatsApp settings to add a crucial layer of security against account hijacking.
Update apps officially: Download all apps and software updates exclusively from the Google Play Store for Android or the Apple App Store for iOS devices.
Act immediately if compromised: If you accidentally click a suspicious link, disconnect your phone from the internet immediately (turn off Wi-Fi and mobile data). Then, uninstall any unknown apps and contact your bank to secure your accounts.
The police have urged everyone to remain extremely cautious and verify the authenticity of festive messages before taking any action. They emphasize that a single moment of festive excitement could lead to severe financial loss and a massive breach of personal privacy. This social engineering attack preys on goodwill, making vigilance the most important defense as 2026 approaches.
