This wedding season, a new WhatsApp scam is doing rounds where cybercriminals are using the platform to spread malware, and steal personal data under the guise of digital wedding invitations.
This wedding season, a new WhatsApp scam is doing rounds where cybercriminals are using the platform to spread malware, and steal personal data under the guise of digital wedding invitations. Authorities have issued urgent warnings about this scam, which involves sending fake invitations embedded with harmful APK files to unsuspecting users.
According to a report by the Economic Times, these fraudulent invitations carry malicious links that, once clicked, can install malware or steal sensitive personal and financial data. The consequences? Victims might lose their life savings in mere moments.
In Rajasthan, a victim lost Rs 4.5 lakh after downloading a seemingly wedding card sent via WhatsApp. The malicious file planted malware on the victim's device, granting scammers access to their bank account information.
Authorities across Himachal Pradesh, Rajasthan, Uttar Pradesh, and Gujarat have raised alarms about these cyber-attacks. Gujarat Police took to X (formerly Twitter) to caution citizens, saying, “Fake wedding cards coming on WhatsApp are emptying bank accounts. After sending fake wedding cards (APK files), people unknowingly click on it. After this, the APK file gets auto-installed in the device and your device is hacked.”
These scams typically begin with a WhatsApp message containing a digital wedding invitation. At first glance, the invite appears legitimate, but hidden within is a link. When clicked, the link redirects users to a malicious website capable of installing malware or harvesting personal information such as bank account credentials and passwords.
Scammers primarily use APK (Android Package Kit) files to execute these attacks, often distributing them via email, social media, and messaging apps. The files are designed to bypass typical security measures, leaving victims vulnerable.
- Verify the sender: Avoid engaging with messages from unknown numbers or suspicious accounts.
- Steer clear of questionable links: Refrain from clicking links that seem dubious or overly enticing.
- Keep software updated: Regularly update your device’s operating system and security software to stay protected.
- Use strong passwords: Ensure all your online accounts are secured with unique, robust passwords.
- Enable two-factor authentication: Add an extra layer of protection to your online profiles.
- Report suspicious activity: Alert local authorities if you come across dubious messages or incidents.