Sources: WhatsApp, SMS, Email, or social media platforms

Cybercriminals use sophisticated social engineering tactics to trick users into downloading and installing malicious APK files. They create urgency and push victims into making an immediate decision, often accompanied by claims that the opportunity is only for a limited time. This is a common technique in cybersecurity fraud and part of the latest cyber frauds in India.

• • “Available only for today” or “Last day!”  

• • “Sign up now to enjoy free gift worth $$$” 

• • “Earn reward points”

At times they instill fear by messages like:

• • “The account is blocked due to KYC update”

• • “Your account has been blocked” 

Scammers share a URL and prompt the victim to download a third-party app, which is a prevalent method used in online scams in cyber security. 

Impact

• • Monetary loss

• • Personal data like contacts, images, credential stealing

• • Attackers phish the user to enter their bank credential in the fake payment page or credit card details

• • An illegal bank transaction by leveraging the SMS stealer as OTP to make the bank transaction

• • Giving cybersecurity frauds and hackers control over victim’s device

Precautions

The lure of rewards is hard to resist, but the risks that come with rewards need to be carefully evaluated to ensure we don’t end up paying a high price for a seemingly free reward.

Irrespective of their source, it is highly recommended to avoid any messages which offer gifts in cash or kind as there is a very high probability that such messages may be hunting grounds for malwares and scamsters. Exercise utmost caution in dealing with such enticing messages, especially during the latest cyber fraud incidents. The best way to deal with them is to simply delete them.