Don’t download that file! HDFC flags dangerous bank fraud

HDFC Bank on Tuesday advised customers to remain vigilant against APK (Android Package Kit) frauds. In an APK scam, fraudsters typically use social engineering tactics by impersonating bank employees or government officials. This involves the recipient of the message to receive a malicious APK file claiming to be from trustworthy sources.

When a person installs these files, the fraudster gets full control of their phones. The fraudster can then redirect calls and text messages to another device and steal data from victims’ phones. Fraudsters can also access victim’s bank account(s) and carry out transactions without their consent.

How does this scam work:

1. Fraudsters typically impersonate government officials, employees of banks or well-known companies on the pretext of doing a Re-KYC, payment of traffic fines, refund of income tax, etc. A message is sent to the victim containing a fake APK link.
2. Once the victim clicks on the link, a malware gets installed on their mobile phone unknown to them.
3. This enables the fraudster to get full access to the victim’s phone through this malware
4. Post this, typically within the next few minutes, multiple unauthorised transactions take place, causing financial losses to the customers. The victim realises that they have been duped upon receiving messages from their Bank about money being debited from their account.

Fraudsters are increasingly targeting individuals through calls, emails, and messages by posing as officials from banks or government agencies. They often create panic by claiming that a customer's KYC needs urgent updating or that a pending e-challan requires immediate action. To appear legitimate, they send APK links embedded with logos of trusted institutions. Once the user installs these apps and inputs sensitive details such as account numbers, card information, or OTPs, the data is instantly stolen and used for fraudulent transactions. These malicious apps can also compromise the victim’s device, leading to further security breaches.

Tips to protect yourself from APK fraud

1. Do not click on suspicious links or install apps / files received via social media, SMS, or email claiming to be from institutions like, the RTO, Income Tax Department, or Bank officials.
2. Ensure your device has reliable antivirus or anti-malware software that can detect and block harmful files.
3. Do not download third-party apps over a call request from an unknown person. Download apps only from trusted sources or official websites.
4. Verify the legitimacy of the message / emails through the respective official website.
5. Report fraudulent/suspicious calls, messages on the Chakshu portal at https://sancharsaathi.gov.in/ or via the Sanchar Saathi mobile app.

HDFC Bank urged customers to remain vigilant against scams, such as “digital arrest” fraud, where fraudsters impersonate law enforcement or government officials and threaten victims with a digital arrest warrant for reasons that could range from alleged tax evasion, regulatory violations, financial misconduct among others.

Other frauds commonly seen include investment scams, where fraudsters promise unusually high returns on investments in stocks, IPOs, cryptocurrency, etc. via fake automated investment platforms and promoted via social media platforms. Fraudsters target the emotions of victims to perpetuate frauds by using the GTH – Greed, Threat and Help method.

In the event of falling prey to online fraud the victim should immediately report the unauthorised transactions to the bank in order to get the payment channel blocked, i.e., cards/UPI/net banking to safeguard against future losses. Customers should also file a complaint by calling 1930, a helpline number started by the Ministry of Home Affairs (MHA) as well as submit a complaint on the National Cyber Crime Reporting Portal https://www.cybercrime.gov.in.