Malware Detected: How Scammers Access Your Phone, Steal Credit Card Info

A Maharashtra government employee lost Rs 2 lakh after a scammer persuaded him to share his credit card details. Shridhar Mahuli had opted for an AU Small Finance Bank’s credit card and would make small transactions occasionally. A few months later, he received a call from a scammer — impersonating an AU bank employee — regarding a health insurance payment. The call resulted in multiple unauthorised payments, leaving Mahuli distressed. 

By now, we are well-versed in being cautious about not sharing any personal details, especially those related to banking. However, fraudsters pose as legitimate officials, creating an urgent situation in which they claim to offer support and then dupe you.

We dissect the credit card scam so you can safeguard yourself and stay scam-smart.

• Identity Spoofing: You receive a phone call from a scammer pretending to be an employee of your affiliated bank. To build your trust, they often present a fake ID card, which could be stolen from a current or former employee. 

• Fabricated Insurance: They inquire if you have linked your health insurance premium payments to your credit card because the amount will be deducted shortly. 

• Spyware Download: Scammers share a link to an APK (Android Package Kit) file for you to download on your device. It installs malware that can be used to access your device remotely and/or install keyloggers, which can record sensitive information such as IDs and passwords. 

• Card Details Stolen: Scammers can now access your phone remotely and display a screen for you to add your credit card details. Once done, they take a screenshot of the screen and use the information to make multiple transactions. 

• An unsolicited call from a bank official urging you to share your credit card information by creating a sense of urgency or asserting that a deadline is approaching.

• Sharing APK files and insisting that you install them on your device. 

• Decline: Refuse to download any files, click on any link or share any banking details, especially card details, PIN, and CVV number.

• Hang Up: If you feel doubtful, immediately cut the call and contact your bank using the information on its official website.

• Call Your Bank: If you’ve shared your details, immediately inform your bank so they can block your card and track the unauthorised transactions made by the scammers.

• Report: If you were scammed or were able to spot this scam, then report the incident as soon as possible through a government portal such as Chakshu (https://sancharsaathi.gov.in/sfc/) and the national cybercrime helpline number—1930. You can also lodge a complaint with the local police station.

The Quint's Scamguard initiative aims to keep up with emerging digital scams to help you stay informed and vigilant. If you've been scammed or successfully thwarted one, then tell us your story. Contact us via WhatsApp at +919999008335 or email us at myreport@thequint.com. You can also fill out the Google form and help us take your story forward.)

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)