How Cyber Scams Leverage Social Engineering and Malicious APKs to Defraud Users

How Cyber Scams Leverage Social Engineering and Malicious APKs to Defraud Users

Sub : Sci

Sec :Awareness in IT

Why in News

Cyber scams involving social engineering and the use of malicious apps have been on the rise in India, resulting in significant financial losses.

Scam Mechanism Explained:

Initiation: The scam began with the victim receiving a link to download an APK shared through a WhatsApp business account linked to an international number.

APK Installation: The APK appeared legitimate and required the user to grant screen mirroring access during a video call.

Unauthorized Transactions: After installation, the scammers executed unauthorized financial transactions using the victim’s credit card.

Call Forwarding: Contacts of the victim reported an unknown person answering calls, likely due to the activation of call forwarding by the malicious app.

Scam Website: The URL used for the scam mimicked legitimate websites and was shared via messaging apps. This fake site was among top search results, revealing gaps in search engine verification.

About APK (Android Package Kit): It is a file format used by the Android operating system to distribute and install applications on mobile devices. It contains all the elements needed for an app to be correctly installed, including the code, resources, assets, certificates, and manifest file.

Scale of Cybercrime in India:

In 2023, India reported losses amounting to ₹66.66 crore across 4,850 online scam cases. The Indian Cybercrime Coordination Centre (I4C) highlighted those digital financial frauds in the last three years totalled an alarming ₹1.25 lakh crore.

Reports by National Cybercrime Reporting Portal (NCRP): The NCRP recorded losses of at least ₹10,319 crore from digital fraud in 2023 alone, with 5,252 suspect URLs being reported.

The Parliamentary Standing Committee on Finance reported that domestic fraud in FY23, as reported by Supervising Entities, totalled ₹2,537.35 crore. The increase in scams has been attributed to a combination of advanced technical knowledge, social engineering, and data leaks.

India ranked fifth globally in the number of breached accounts in 2023, with 5.3 million accounts compromised.

Social engineering scams, powered by increasingly sophisticated technical expertise, continue to pose a significant threat. Users must be vigilant when dealing with unverified links, apps, and QR codes.

About Social engineering:

It is a manipulation technique used by cybercriminals to trick individuals into revealing confidential or personal information, often through deceptive tactics.

This method relies on exploiting human psychology rather than hacking systems directly, using tactics such as impersonation, phishing, and pretexting to gain the victim’s trust or prompt immediate action that compromises security.

Preventative Measures for Users:

Avoid Clicking on Unverified Links: Users should only click on trusted sources and avoid installing apps shared via unsolicited messages.

Regular Security Checks: It is crucial to periodically check for compromised passwords and review bank and credit card statements for unauthorized transactions.

Caution with QR Codes: Scanning random QR codes can be risky, as scammers often use them to execute fraudulent activities.