As more individuals turn to digital banking, fraudsters continuously devise new tactics to deceive them. Instances of banking-related scams have been increasing, prompting numerous banks, such as the State Bank of India (SBI), to caution their customers about these fraudulent activities. They also provide guidance on taking precautions against the growing number of emerging scams. For example, SBI recently issued a warning about a scam involving the distribution of an Android Application Package (APK) to users under the guise of redeeming SBI reward points and the precautions to take.
Let us look at some of the frauds that big banks in India have been warning customers about and how one can stay safe.
SBI, ICICI Bank, AU Small Finance warn customers about APK fraud
What is APK, APK files to avoid fraud
Android ecosystem also allows users to install third party mobile applications and controls on Play Store and also make it possible for hackers to exploit user’s android device by making them install APK or by trojanizing a legitimate application.
SBI posted on social media X: “It is observed that fraudsters are sending APKs and messages over SMS or WhatsApp for redeeming SBI reward points. Please note that SBI will never share links or unsolicited APKs over SMS or Whatsapp. Do not click on any such links or download unknown files.”
— TheOfficialSBI (@TheOfficialSBI)
How is APK fraud done
According to AU Small Finance Bank website, here is how it is done
1. Hackers first need to get the victims to install the malicious APKs on their mobile devices, for which hacker may employ social engineering tactics.
2. When the victim installs the APK by clicking on it, he/she may receive numerous warning messages on highlighting the dangers of installing apps from unknown sources. The victim can also see that the app is requesting a lot of permissions e.g., access to camera, microphone, location, contacts, SMS, etc.
3. Post installation, the hacker receives a connection on his hacking device, thus granting access and control of infected device with hacker to facilitate malicious actions.Also read: Frauds by bank employees: Take these steps to ensure branch manager or any other employee does not run away with your money
APK fraud: Things to note
- The created APK file does not appear valid and may only be a few KBs in size.
- Once installed, the APK demands a variety of rights, including cameras, microphones, GPS, contacts, SMS, and more. This is a huge red flag, and if the user has installed such a programme, it should be removed immediately.
- If the victim’s phone has antivirus software installed, such APK files are quickly identified as harmful.
- Users must pay obey to Google Play Store cautions that installing apps from unknown and unverified sources may harm their device.
- Reboot the phone on a regular basis and delete any background apps to ensure that the hacker loses connection.
ICICI Bank warns customers about the fraud last year.
“Beware! Do not install apps (APK files) from unverified sources or received via SMS/WhatsApp,” the bank said on the social media handle on X.
— ICICIBank (@ICICIBank)
ICICI Bank cautions customers about harmful links
Last month, ICICI Bank customers received a warning from the bank about fresh instances of online fraud. Account users have been cautioned by the private sector lender to be on the lookout for harmful links and programs that are being sent via email, WhatsApp, and others.
In a mail the bank said, “Remain vigilant and ensure that you do not install any suspicious/malicious application in your mobile from untrustworthy sources. ICICI Bank never sends any SMS/WhatsApp message to its customers, asking them to call a particular mobile number or download any application,”
Is that scan hiding a potential scam? Watch the video to uncover the hidden risks of QUISHING and learn how to stay one step ahead of the fraudsters.
Axis Bank warns customers about task-based fraud
In March 2024, Axis Bank customers took social media to voice their complaints over suspected fraud. They claimed to have seen transactions that they have not authorised or that they are receiving OTPs for transactions that they have not completed. On their Axis Bank credit cards, some people are even reporting illegal foreign transactions.
Recently, Axis Bank posted on social media stating: “Stay vigilant against investment or task-based fraud! Protect your financial and personal information by verifying sources, researching thoroughly, and never sharing sensitive details online.”
Punjab National Bank customers asked to be vigilant about fake SMSs
Some people have been pretending to be Punjab National Bank (PNB) officials in phone calls and text messages. They have used the bank’s name to promote fake products and deceive consumers.
According to the PNB website, “This is to inform the public at large that Punjab National Bank does not make any unregistered telemarketing calls or sms for soliciting life insurance business or any other products.”
The bank also posted on social media to create awareness among its customers.