A 30-year-old private sector employee from Hyderabad recently lost over Rs 1 lakh in a sophisticated online scam involving the unauthorized activation of an eSIM. The activation went through without any One-Time Password (OTP) or standard authentication process, which underscores the evolving tactics of cybercriminals.
The victim, who remains anonymous for privacy reasons, received a WhatsApp message from an unknown number. The message contained a link to an APK file labeled “customer support,” which the sender claimed was necessary for a new credit card application. Trusting the message, the victim downloaded and installed the file on his phone.
As reported by the Times of India, the APK file allowed scammers to access sensitive information stored on the victim’s device. They manipulated him into providing further details required for issuing a new credit card. Shortly after, the victim’s mobile network was disconnected, cutting off his access to SMS and call services.
The fraudsters exploited a loophole to activate an eSIM on another device using the victim’s phone number, bypassing the OTP requirement. By redirecting the victim’s messages and calls to another number, they intercepted OTPs sent for financial transactions. Within a short time, the scammers had stolen Rs 1,06,650. The victim only realized the fraud after regaining network connectivity and checking his bank statements.
This incident serves as a cautionary tale about the dangers of unsolicited messages and downloads. Here are some essential tips to safeguard yourself:
- Avoid Downloading APK Files: Never download APK files or software from unknown sources, particularly those sent via messaging apps like WhatsApp. These files may contain malware that compromises your device’s security.
- Verify Identities: Always verify the identity of anyone requesting personal or financial information. Legitimate companies typically do not ask for sensitive information through unsecured channels.
- Use Official Channels: When applying for new services such as credit cards, use official websites or visit physical branches. Avoid clicking on links sent through messages, as they may lead to phishing websites designed to steal your information.
By staying vigilant and following these precautions, you can better protect yourself from falling victim to similar scams.