Chandigarh Resident Defrauded of Rs 5.5 Lakh in Sophisticated APK Scam
A resident of Sector 44 in Chandigarh has become the latest victim of an advanced APK scam, suffering a financial loss of almost Rs 5.5 lakh after downloading a deceptive traffic fine application sent through WhatsApp. This alarming incident underscores a rising trend where cybercriminals exploit official-looking government e-challans to install malware on mobile devices, enabling them to steal personal information and financial credentials.
How the Scam Unfolded
On February 27, Mandeep Singh received a message from an unknown number claiming he had a pending traffic violation. The message included an Android Package Kit (APK) file labeled as E-Challan. Curious about the alleged fine, Mandeep downloaded the file to review it. Although he grew suspicious and deleted the application shortly afterward, the malware had already infiltrated his device, compromising its security.
The breach remained undetected for several hours until Mandeep began receiving a barrage of one-time password (OTP) messages from various online retailers. The timeline of events is critical:
- At 2:30 PM, he downloaded the malicious APK file.
- By 8:30 PM, multiple OTP messages started arriving, indicating unauthorized login attempts.
- At 10:00 PM, Mandeep's son discovered the malware in the phone's notification history and removed the hidden application.
Unfortunately, by the time the app was deleted, the fraudsters had already bypassed security protocols to access Mandeep Singh's credit cards, leading to significant financial damage.
Financial Impact and Delhi Connections
The attackers exploited two separate accounts to make high-value purchases on a major e-commerce platform. Specifically:
- Mandeep's ICICI Bank credit card was used for transactions exceeding Rs 4.5 lakh.
- His SBI credit card was targeted for nearly Rs 95,000.
Investigations have uncovered that the suspects added three delivery addresses in Delhi—located in Karawal Nagar, Dayalpur, and Bhajanpura—to the victim's shopping account to receive the fraudulently purchased goods. This connection to Delhi highlights the organized nature of the scam and the cross-regional efforts of cybercriminals.
Police Response and Ongoing Investigation
The cybercrime police station in Sector 17 has registered a case against unidentified suspects. While no arrests have been made yet, investigators are actively trailing the digital signatures of the transactions and the delivery locations in Delhi. A police spokesperson commended the victim's prompt actions, stating, The victim acted correctly by blocking his cards and informing the banks immediately. We are working diligently to identify the individuals behind the Delhi-based delivery addresses.
Essential Cybersecurity Tips
In light of this incident, police authorities urge mobile-phone users to adopt stringent safety measures:
- Never download files from unknown sources, especially via messaging apps like WhatsApp.
- Remember that official government agencies rarely send legal notices or payment links through such platforms.
- Regularly monitor device notifications and app permissions to detect any suspicious activity early.
This case serves as a stark reminder of the evolving threats in the digital landscape and the importance of vigilance to protect against financial and data breaches.
