The Cyber Crime Wing of the Tamil Nadu police has issued an advisory over a new cyber scam called the ‘SBI Reward Points Scam,’ after it received 73 complaints in two months.
Modus Operandi of the Scam
Explaining the modus operandi, Additional Director General of Police, Sanjay Kumar said, “The fraudsters first hack into a victim’s mobile phone to gain access to their social media accounts, such as WhatsApp. This can be done through various means, such as phishing attacks or exploiting vulnerabilities in apps.”
Scam Execution
Once they gain access to a social media account, the hackers send fake messages about SBI Reward Points to all the victim’s official and personal groups. The messages come with icons and names that say ‘State Bank of India’, and so they appear legitimate, he said.
The fraudulent messages contain links that claim to help victims update their bank details and redeem their SBI Reward Points. The messages state that the person’s reward points are about to lapse, creating a sense of urgency. When the victims click on the link, they are prompted to download an APK file (Android Package). This file is disguised as an official application or update related to SBI reward points. By downloading and installing the APK file, the victim unknowingly installs malware on their device. This malware can steal sensitive information, including banking credentials, passwords, and OTPs.
Consequences of the Scam
After entering their bank details, the victim is prompted to enter an OTP (One Time Password) sent to their phone. This OTP is supposed to secure the transaction but is intercepted by the fraudsters. With the captured bank details and OTPs, the fraudsters gain unauthorized access to the victim’s bank account. They can then transfer funds or perform other fraudulent activities, resulting in financial losses to the victim.
Advisory and Preventive Measures
The police have advised the public to activate two-step verification protocols on their social media accounts, to add an extra layer of security. This requires a PIN in addition to the OTP sent to your phone. They have also advised the public to be cautious of messages from unknown contacts or unexpected messages from known contacts, especially those containing links or requests for personal information.
The advisory also asked the public to avoid clicking on suspicious links and never download APK files from unknown sources. Always verify the authenticity of any website or app by checking official sources, it said.
Reporting Suspicious Activity
If you suspect that you have been a victim of fraudulent activity or have come across any suspicious activity, report the incident by dialing the Cyber Crime Tollfree Helpline 1930 or register a complaint at www.cybercrime.gov.in
