Scammers Can Now Hack Bank Accounts Without OTP

Cybercriminals have now devised new tactics to steal money. They don’t need an OTP or ATM PIN. They just send messages containing links that appear to be from banks. Once the recipient clicks on the link, money is stolen from their account without requiring an OTP.

The scamsters often collect personal data from sources where individuals have shared their phone numbers. They use this data to send messages related to recent purchases. If the recipient clicks on the link, their money is immediately stolen.

A 26-year-old New Delhi woman recently purchased an HP laptop from Croma. A few days later, she received a message from an unknown number claiming she had won a voucher. The message asked her to share personal details, including bank information, to claim the voucher by clicking on a link.

What raised suspicion was an error in the message — it mentioned both Croma and Vijay Sales, stating she won the voucher for a purchase made at Vijay Sales. This inconsistency alerted her, preventing a potential scam.

How to stay safe against such scams

  • Be cautious of unsolicited calls and messages.
  • Never share sensitive information with unknown contacts.
  • Do not click on suspicious links, even if they promise vouchers, discounts, or cash prizes.
  • Avoid installing apps from unverified sources, as they may grant scammers access to your device’s camera and photo gallery, which are often used for KYC verification.
  • If you receive an unusual call, verify the caller through official channels before taking any action.

Apart from phishing links, fraudsters are also using advanced techniques such as call merging, call forwarding, voice mail scams, QR code fraud, and screen sharing scams.

How does the call merging scam work?

In this scam, the fraudster calls a person (a media professional, for example), pretending to be a known contact, and invites them to cover an event. At the same time, the victim receives another call from an unknown number. The fraudster then claims the second call is from a VIP number and asks the victim to merge the calls.

Once the calls are merged, the fraudster listens in and captures OTPs delivered by voice call from banks or apps like WhatsApp and Facebook. This allows them to hack accounts or steal money.

APK and RAT Malware Scams

To scam users, cybercriminals are also using sophisticated Android Application Package (APK) files and Remote Access Trojans (RATs). According to a senior officer, RATs and APKs enable hackers to take control of a user’s device remotely, without their knowledge.

On May 21, the Hassan sub-division DySP reportedly lost Rs 15.98 lakh after installing an application from a nationalized bank, which was sent to him via a text message. The link contained an APK or RAT file that allowed hackers to access his device.