New Delhi | A new and highly dangerous cyber fraud campaign targeting customers of the State Bank of India (SBI) has triggered concern among security experts and banking authorities. Cybercriminals are sending fake messages claiming that customers’ YONO banking app accounts will soon be blocked or deactivated unless they immediately update their Aadhaar details. Using this false warning, fraudsters are tricking users into clicking suspicious links or downloading malicious APK files onto their smartphones.
According to cybersecurity experts, the operation is a coordinated “smishing” and mobile malware attack in which criminals create panic and urgency to manipulate victims into making costly mistakes. These fraudulent messages are being circulated through SMS, WhatsApp, and unsolicited emails. The language used in the messages is designed to appear highly official and convincing, making it difficult for ordinary users to distinguish between legitimate banking communication and a scam.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
SBI has issued an official fraud alert clarifying that the bank never asks customers to download APK files, click on unverified links, or update Aadhaar information through messages. The bank has strongly advised customers to download the official YONO application only through trusted platforms such as the Google Play Store or Apple App Store.
Investigations revealed that the scam messages typically warn users that their YONO account will be blocked if Aadhaar details are not updated immediately. Along with the message, victims receive a malicious link or APK file. Once the fake application is installed, cybercriminals can gain extensive access to the user’s mobile device. This may allow them to intercept OTPs, monitor banking activity, access sensitive personal information, and even remotely control the device.
Cybersecurity analysts say the fake applications are carefully designed to closely resemble the genuine YONO banking interface, making detection extremely difficult for average users. The attack technique is commonly referred to as a “fake banking app overlay attack,” a rapidly growing form of mobile malware fraud in India. Experts believe cybercriminals are increasingly shifting away from conventional phishing emails toward sophisticated mobile-based malware campaigns.
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh said fraudsters are exploiting people’s growing dependence on digital banking and their limited awareness of cyber threats. According to him, Aadhaar-related messages are deliberately used as bait because many citizens remain confused about banking compliance requirements, KYC procedures, and Aadhaar linking rules. He warned users never to trust banking instructions received through unknown links, APK files, or unofficial messages.
India’s PIB Fact Check unit has also flagged such messages as fake and fraudulent. Authorities stated that these campaigns are specifically designed to steal customers’ financial and personal data. Experts warned that anyone who has accidentally installed such an application should immediately disconnect the device from the internet, run a complete antivirus scan, and change all banking passwords from a separate trusted device.
SBI has once again reminded customers that the bank never asks for OTPs, PINs, CVV numbers, passwords, or confidential banking details through phone calls, SMS, WhatsApp, or email. Customers have been advised to immediately delete suspicious messages and report phishing attempts to the bank through its official reporting channels, including report.phishing@sbi.co.in.
Cyber fraud complaints can also be registered through the national cybercrime helpline 1930 or the official cybercrime reporting portal. Experts stressed that as digital banking adoption continues to rise across India, awareness, vigilance, and basic cybersecurity practices remain the strongest defense against such evolving online frauds.
