With 2024 just about to end, the scammers are leaving no opportunity to target victims with different frauds enticing them to click malicious links and Android Package Kit (APK) files. FPJ showcases some of the recently emerged cyber-crimes which are being used to dupe unsuspecting victims.
Malicious link and APK files wishing Happy New Year.
Modus-operandi: Using the occasion of New Year 2025, cyber-criminals would try to hack mobiles of the targets by sending malicious links and APK files on their mobile phone. The scammers would then share those harmful links and APK files on a large scale through social networking sites including WhatsApp from the hacked mobile number.
Dos and Don’ts: If anyone receives any harmful links and APK files of Happy New Year wishes from any social networking site including WhatsApp, delete it immediately. Do not share such malicious links and APK files with anyone for any reason. If harmful links and APK files are posted to any WhatsApp groups from your known WhatsApp number, the admins of the said group should check and delete such links and APK files. Call 1930 immediately or file a complaint on this website www.cybercrime.gov.in in case of any cyber crime offence.
Fake wedding invitation file scam.
Modus-operandi: Scammers send fake wedding invitations through WhatsApp, Instagram or other such apps with links to download a fake APK file. Installing it can add malware or steal personal information, data and could also lead to privacy or financial losses.
Dos and Don’ts: Always confirm the invitation directly with the sender. Do not click on suspicious links or download untrusted apps. Look for suspicious domains or spelling errors in links. Keep security software updated on all devices.
USB Charger Scam (Juice Jacking)
Modus-operandi: Cyber-criminals use USB charging ports installed at public places such as airports, cafés, hotels and bus stand etc. for malicious activities. Charging electronic devices at such infected USB charging stations, may make one a victim of juice-jacking cyber attack. Juice jacking may lead to installation of malicious apps, encryption of one’s device and criminals may ask for ransom to restore it. Stealing of data from your device.
Dos and Don’ts: Think twice before plugging to public charging stations or portable wall chargers. Use electrical wall outlet to charge your mobile device. Try to carry your own personal cable or power bank. Lock your mobile device and disable pairing with a connected device. Try to charge your phone when it is in a switched off state.
Exploitation of cyber-crime helpline (1930) by cyber-criminals
Modus-operandi: Fraudsters pretended to be police officers using a Skype ID called ‘POLICE 1930’ to trick victims into thinking they were real law enforcement. They falsely claimed that the victim’s Aadhar ID was used for shipping illegal items like drugs and credit cards. The criminals then threaten the victim with imprisonment and freezing his/her bank accounts unless the victim transfers a large amount of money to them. This sophisticated scam misuse an official cyber-crime helpline to exploit the victim’s trust in government systems.
Dos and Don’ts: If contacted by someone claiming to be law enforcement, terminate the call and verify their identity through official channels. Legitimate authorities will not request immediate payment over the phone. One should not disclose sensitive data or financial details to unknown callers and if anyone receives a threatening call or message, it should be reported to local authorities or cyber-crime units. In case someone receives fake arrest emails, one should not trust or respond to fake arrest notices sent via email, WhatsApp, SMS or Phone calls claiming to be from the police. Be skeptical of emails that seem urgent, threatening, or out of the ordinary. Verify the authenticity of any suspicious emails and check the email address to ensure it’s from a genuine government website ending in “gov.in”.
