Chennai: In a shocking incident, a total of 73 people were conned by scamsters in the name of SBI Reward Points in the last two months.
A press release from Cyber Crime Wing Headquarters said the SBI Reward points scam has come to light following receipt of 73 complaints in the months of May and June.
It said cyber fraudsters have come up with a new modus operandi in which they hack into victims' mobile phones/devices and send fraudulent messages.
In recent incidents, hackers have used compromised WhatsApp accounts to send fake messages about SBI Reward Points to various official and personal WhatsApp groups.
The hackers may also change the existing group icons and names to "State Bank of India", it said.
The fraudulent messages contain links for victims to update their bank details and redeem their SBI Reward Points, which leads to monetary loss. Their compromised social media accounts are used to spread fraudulent messages, leading to financial loss and disrupted communication within their networks.
In the months of May and June 2024, 73 cyber complaints relating to this scam in Tamil Nadu were received on the National Cyber Crime Report Portal.
How does the scam occur?
Explaining the scam, the release said the fraudsters first hack into a victim's mobile phone to gain access to their social media accounts, such as WhatsApp.
"This can be done through various means, such as phishing attacks or exploiting vulnerabilities in the app. Once they gain access to the account, the hackers send fake messages about SBI Reward Points to all the victim's official and personal groups. They also change the group icons and names to 'State Bank of India' to make the messages appear legitimate," it said.
The fraudulent messages contain links that claim to help victims update their bank details and redeem their SBI Reward Points. The messages may say that the reward points are about to lapse, creating a sense of urgency.
When a victim clicks on the link, they are prompted to download an APK file (Android Package). This file is disguised as an official application or update related to SBI Reward Points.
By downloading and installing the APK file, the victim unknowingly installs malware on their device. This malware can steal sensitive information, including banking credentials, passwords, and OTPs.
It also gains access to the victim's social media accounts, such as WhatsApp, and uses the account to share the phishing link with the victim's WhatsApp groups.
In this way, victims unknowingly aid in scamming many other people. After entering their bank details, the victim is prompted to enter an OTP (One-Time Password) sent to their phone. This OTP is supposed to secure the transaction, but is intercepted by the fraudsters.
With the captured bank details and OTPs, the fraudsters gain unauthorized access to the victim's bank account, then transfer funds or perform other fraudulent activities, resulting in financial loss to the victim.
How to protect yourself from such scams?
Since this scam has come to light, the Cyber Crime Wing of the Tamil Nadu Police has advised the public to activate two-step verification on social media accounts to add an extra layer of security. This requires a PIN in addition to the OTP sent to your phone.
The public were asked to be cautious of messages from unknown contacts and of unexpected messages from known contacts, especially those containing links or requests for personal information. They were also asked to avoid clicking on suspicious links, never to download APK files from unknown sources, and always to verify the authenticity of any website or app by checking official sources.
The public were also advised to use strong, unique passwords for their accounts and change them regularly, while avoiding using the same password across multiple accounts, besides monitoring the changes in their social media groups.
If any unauthorized changes were noticed in group icons or names, the public were asked to report them to the group admin and leave the group if necessary.
Anyone who has entered banking details on a suspicious site was advised to contact the bank immediately to secure the accounts and prevent unauthorized transactions.