The Tamil Nadu police’s Cyber Crime Wing has issued an user advisory over the SBI Reward Points Scam after it received 73 complaints in two months. “In recent incidents, hackers have used compromised WhatsApp accounts to send fake messages about ‘SBI Reward Points’ to various official and personal WhatsApp groups. The hackers may also change the existing group icons and names to ‘State Bank of India’,” a statement issued by the state police said.
The reports of this scam in Tamil Nadu were reported to the police through the National Cyber Crime Report Portal. Additional Director General of Police, Sanjay Kumar, explained that the fraudsters begin by hacking into a victim’s mobile phone to access their social media accounts, such as WhatsApp. They achieve this through tactics like phishing attacks or exploiting app vulnerabilities.
Once the hackers enter a social media account, they distribute fake messages regarding SBI Reward Points in all the victim’s official and personal groups. These messages are designed to appear authentic, bearing icons and names of ‘State Bank of India’, deceiving recipients into believing them to be legitimate sources of information.
The police said the fraudulent messages contain links that claim to help victims update their bank details and redeem their SBI Reward Points. The message states that the person’s reward points are about to lapse, creating a sense of urgency.
Individuals who unknowingly click on a provided link are led to download an APK file, which is short for Android Package. This fraudulent file pretends to be an official application or an update related to SBI reward points. Once the APK file is installed, the victim’s device inadvertently becomes infected with malware. This malicious software can extract sensitive information like banking credentials, passwords, and One Time Passwords (OTPs).
After revealing their banking details, the victim is prompted to enter an OTP, a temporary code sent to their mobile device for transaction security. While the OTP is meant to verify the transaction, it is intercepted by scammers. With access to stolen banking information and OTPs, fraudsters gain illegal entry into the victim’s bank account. This unauthorized access allows them to conduct fund transfers or engage in fraudulent activities, resulting in financial losses.
Steps to avoid scam
Enhance Security with Two-Step Verification: Law enforcement advises the public to enable two-step verification measures on their social media accounts. This process includes inputting a PIN in addition to the one-time password (OTP) sent to their phone, providing an extra level of protection.
Ensure Authenticity: The guidance also recommends confirming the legitimacy of websites and applications by consulting official sources. It is essential to refrain from clicking on dubious links and avoid downloading APK files from unidentified origins.
Strengthen Passwords: Authorities suggest creating and routinely changing robust, distinctive passwords for bank accounts.
Report Suspicious Behavior: If there are concerns about being a victim of fraudulent activities or encountering suspicious behavior, individuals are urged to report the incident by dialing the Cyber Crime Toll-Free Helpline 1930 or filing a complaint at www.cybercrime.gov.in.