India’s rapid shift to digital banking has also brought a rise in sophisticated cyber fraud. In the latest scam, SBI customers are being targeted with messages promising ₹10,500 worth of “reward points” that are about to expire. The message contains a malicious link or APK file. Once clicked, the file installs malware on the victim’s phone.
The malware captures sensitive data, including passwords, OTPs, and UPI PINs, enabling criminals to siphon money directly from customer accounts.
Official Warnings from Government and SBI
The PIB Fact Check unit of the Government of India issued a clarification that SBI never sends links or APK files via WhatsApp or SMS. The bank itself has also urged customers to use only its official platforms:
- YONO SBI App
- www.onlinesbi.com
SBI further warned customers not to trust suspicious messages and to report them immediately.
Why People Fall for the Scam: The Psychology of Fraud
Cybersecurity expert and former IPS officer Professor Triveni Singh explained that fraudsters exploit people’s greed and urgency.
“Messages offering free rewards, cashback, or KYC updates create a false sense of trust. Once someone clicks, their phone effectively comes under the control of the criminals,” he said.
This “social engineering” strategy manipulates human behavior, making individuals more likely to fall into the trap.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
Safety Measures for Customers
To protect against such attacks, experts and SBI recommend:
- Never clicking on suspicious links or files.
- Downloading apps only from Google Play Store or Apple App Store.
- Never sharing banking OTPs, passwords, or PINs.
- Keeping transaction alerts active to track account activity.
- Reporting suspicious messages to report.phishing@sbi.co.in.
What To Do If You Clicked the Link
If someone has accidentally clicked the malicious link:
- Uninstall the fake app immediately.
- Scan the phone with antivirus software.
- Change all banking passwords and PINs.
- Contact SBI helpline to block the account.
- If money has been stolen, file a complaint with the nearest cybercrime cell or through www.cybercrime.gov.in.
Bigger Picture: The Growing Digital Banking Risk
While the current case involves SBI, experts warn this trend is not limited to a single bank. As India’s digital payments ecosystem expands, cybercriminals are finding increasingly creative ways to defraud customers.
The key takeaway remains the same: caution and skepticism are the best defenses. Customers must remain alert, verify every message, and never act in haste when financial data is at stake.
