On Tuesday, HDFC Bank advised customers to remain vigilant against APK (Android Package Kit) fraud. Fraudsters use social engineering tactics by impersonating bank employees or government officials. The recipient of the message receives an APK file claiming to be from a trustworthy source.
Who Do Fraudsters Convince Victims?
Fraudsters typically impersonate government officials, employees of banks or well-known companies on the pretext of a Re-KYC, payment of traffic fines, or refund of income tax. They often create panic by claiming that a customer's KYC needs urgent updating or that a pending e-challan requires immediate action. To appear legitimate, they send APK links embedded with logos of trusted institutions.
A message is sent to the victim containing a fake APK link. Once the victim clicks on the link, malware gets installed on their mobile phone, unknown to them. This enables the fraudster to get full access to the victim’s phone. Fraudsters can access victims’ bank account(s) and carry out transactions without their consent. They can then redirect calls and text messages to another device and steal data from victims’ phones.
The victim realises that they have been duped upon receiving messages from their Bank about money being debited from their account.
Tips to protect yourself from APK fraud
Do not click on suspicious links or install apps/files received via social media, SMS, or email claiming to be from institutions like the RTO, Income Tax Department, or Bank officials.
Ensure your device has reliable antivirus or anti-malware software that can detect and block harmful files.
Do not download third-party apps over a call request from an unknown person. Download apps only from trusted sources or official websites..
Verify the legitimacy of the message/emails through the respective official website.
Report fraudulent/suspicious calls, messages on the Chakshu portal at https://sancharsaathi.gov.in/ or via the Sanchar Saathi mobile app.
Digital Arrest
HDFC Bank urged customers to remain vigilant against scams, such as “digital arrest” fraud, where fraudsters impersonate law enforcement or government officials and threaten victims with a digital arrest warrant for reasons that could range from alleged tax evasion, regulatory violations, financial misconduct, among others.
