Cybercrime cops foil Rs 1 lakh fraud, save Moghalpura man from e-commerce scammers

Hyderabad: Quick thinking and action of the Cyber Crime Police Station official saved a city resident from losing Rs 1 lakh to cyber fraud.

Police Constable N Srikanth Naik of the NCRP (National Cybercrime Reporting Portal) managed to remove an APK file from the phone before it gave access to scammers.

APK file automatically forwarded bank OTPs to scammers

According to the complaint, on September 11, a 48-year-old tailor, a resident of Moghalpura, received a malicious APK file named ‘RTO CHALLAN’, which he mistakenly downloaded and installed on his mobile phone.

This led to unauthorised access to his device.

Subsequently, the victim began receiving messages related to banking transactions. Over time, he received multiple debit messages from his credit card along with banking OTPs. The malware secretly forwarded these OTPs to fraudsters, enabling them to carry out fraudulent transactions.

The victim suffered a financial loss of Rs 95,239 from his credit card, and several other transactions are still in process.

The victim then approached the Cyber Crime Police Station, Hyderabad, and reported the matter. Constable N Srikanth Naik at the NCRP Handling Portal inspected the mobile phone and removed the malicious application from the device.

Scammers managed to access the victim’s Flipkart, Amazon, and Myntra accounts

Upon further analysis, a unique pattern was identified.

The fraudsters had logged into the victim’s Flipkart, Amazon, and Myntra accounts. As the victim had saved his card details on these platforms, the fraudsters were able to place orders without needing to re-enter full card information.

This method also bypassed fraud alert calls from the bank, as saved card transactions often do not trigger such alerts. The fraudsters expedited product delivery to ensure they could receive the items before any action was taken.

The police constable accessed the victim’s e-commerce accounts and successfully cancelled all confirmed orders. Orders worth Rs 95,239 were cancelled and refunded to the victim.

Ashok Nagar techie reported the same fraud

Another victim, a 35-year-old techie from Ashok Nagar, reported a similar incident.

Fraudulent orders worth Rs 23,532 were placed using the same modus operandi. These orders were also cancelled, and the amount was successfully safeguarded for the victim.

Modus Operandi

- Cyber fraudsters are actively circulating malicious APK files, such as ‘RTO CHALLAN’ and ‘RTA CHALLAN 140.apk’

- These files are being spread through WhatsApp messages, groups, SMS and social media links.

- Once downloaded and installed, these malicious apps gain unauthorised access to the victim’s mobile phone, personal data, banking information and OTPs, resulting in large financial losses due to fraudulent transactions.

Public Advisory

- The general public is hereby advised to stay alert and avoid falling prey to rising cases of online fraud, particularly involving malicious APK files.

- Never download or install APK files or apps from unknown sources, especially those received via WhatsApp, SMS, or social media.

- Only download apps from official platforms like the Google Play Store or Apple App Store.

- Do not share your bank details, card numbers, CVV, OTPs or personal information with anyone—even if they claim to be from a bank or government agency.

- Don’t save your Credit /Debit/ Internet Banking Credentials in E-Commerce platforms

- Delete the card details from commerce platforms after use

To get the latest updates about cybercrime, follow these social media handles

@cybercrimepshyd @cybercrimepshyd @CyberCrimeshyd