The ‘Great Indian Wedding Season’ will soon be upon us, bringing with it the cunning schemes of cybercriminals who are ready to exploit your celebrations. A not-so-new scam has re-emerged, duping many victims of their savings by sending a single WhatsApp message. The harmless invitation ends up infiltrating your phone, stealing your personal data, including your banking credentials and emptying your savings.
Keep reading to understand how the scam operates, identify warning signs, and learn how to protect yourself.
Modus Operandi
WhatsApp Invite: You receive a WhatsApp message from an unknown number, often with a friendly note like - “Shaadi Mein Zaroor Ayein”. There is an attached file that appears to be an image, video or a PDF titled ‘Wedding Invitation Card.APK’
Scam in Disguise: The attachment is an Android Package Kit (APK) file used to distribute and install files on Android devices. Tapping it causes malware, including spyware, to be downloaded and installed on your phone.
Sneak Attack: Once the file(s) are installed, it may ask the user for permission to access your contacts, photo gallery, and other files. In some cases, the device may glitch and/or turn off. Either way, the scammer(s) now have complete control over your phone
Info Stealers: Since scammers can now read your messages and access your banking apps and information, they can initiate multiple transactions. Any OTPs generated can be easily viewed and used to transfer money from your account. They can also copy personal files and details such as images, contacts, and other credentials.
Red Flags
Invitations to celebratory events from unknown senders or someone you barely know.
An attachment with “.apk” at the end is to be viewed with suspicion.
Typos or grammatical errors in the accompanying text, strange phrasing, blurry images.
What To Do
Delete: Never tap on any attachment files, especially from unknown senders. If you weren’t expecting an invite, it’s safer to delete the message and block the contact.
Verify: If the invite claims to be from a friend or relative, call them on a trusted number to confirm or check with a common contact. Do not reply to the message because scammers may pose as your contact.
Stop: If a message asks you to download an app to “view” the invite, avoid doing so. Only install apps from official stores, and be sure to check their ratings and reviews.
Notify: If your device has been compromised, contact your bank immediately and inform them of the incident and any deducted amount. They can freeze your account(s) and cards until further notice. Change your net banking password and mobile banking credentials.
Report: Report the incident promptly through the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call their helpline at 1930. You can also file a complaint at your local police station. Ensure that you gather relevant evidence to support the investigation.
Update: Always keep your device and apps updated to patch any vulnerabilities.
Share: Inform your circles and communities about the scam and ask them to be cautious of any such alerts.
The Quint's Scamguard initiative aims to keep up with emerging digital scams to help you stay informed and vigilant. If you've been scammed or successfully thwarted one, then tell us your story. Contact us via WhatsApp at +919540511818 or email us at myreport@thequint.com. You can also fill out the Google form and help us take your story forward.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)