Will your SBI YONO app be blocked if you don’t update your Aadhaar? Check reality

A message making the rounds on WhatsApp and other social media platforms has triggered panic among many State Bank of India customers. The message claims that SBI users must urgently download and install an APK file to update their Aadhaar-linked KYC details. It further warns that the failure to do so will result in the SBI YONO app being blocked.

The claim created confusion among many SBI users as they tried to know the reality of the message. As a result, even the Press Information Bureau’s (PIB) Fact Check Team had to step in. Let’s find out what the PIB Fact Check team said about the authenticity of the message.

PIB Fact Check team on message about SBI Yono app and Aadhaar card update

In a social media post on X (formerly Twitter), the PIB Fact Check team has said this information is completely false.

“A message circulating on social media in the name of SBI claims that users must download and install an APK file to update their Aadhaar details. It further claims that if Aadhaar is not updated, the SBI YONO app will be blocked,” the PIB message reads.

"This claim is FAKE. Do NOT download any APKs or share personal, banking, or Aadhaar details. @TheOfficialSBI does NOT ask for such information," says the PIB message.

SBI, in a post on X, has stated that it does not ask customers to download APK files or update Aadhaar details through links sent via SMS, WhatsApp, or emails.

According to the bank, fraudsters are circulating fake APK links in the name of SBI YONO, claiming they are meant for Aadhaar or KYC updates. Once you install, these malicious apps will have access to your sensitive information, including banking credentials, OTPs, and personal data, leading to unauthorised transactions and financial loss, the bank says.

SBI has warned its customers falling prey to such fraud messages in another post

“Fraudsters are sending fake APK links claiming to update your banking app. The PIB Fact Check team said that it is a scam to steal your money and asked customers to not to click on such links. Download apps only from Play Store or App Store,” says SBI.

How to report such phishing scams?

To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.

Best practices to avoid phishing attacks

• Do not click on unknown hyperlinks or mail attachments.
• Check veracity or the authenticity of the sender.
• Check the URL to confirm whether it is a legitimate website.
• Check for typos and grammatical errors in the body of the mail.
• Always remember, the bank never asks for your personal information.
• Be wary of tempting offers.

How APK fraud is done

According to the AU Small Finance Bank website, here is how APK fraud is done-
1. Hackers first need to approach the victim to install malicious APKs on their mobile devices, for which a hacker may employ social engineering tactics.
2. When the victim installs the APK file by clicking on it, he/she may receive numerous warning messages highlighting the dangers of installing apps from unknown sources. The victim can also see that the app is requesting a lot of permissions, e.g., access to camera, microphone, location, contacts, SMS, etc.
3. Post installation, the hacker receives a connection on his hacking device, thus granting access and control of the infected device with the hacker to facilitate malicious actions.