A 74-year-old businessman from the Santoshnagar neighborhood has fallen victim to a sophisticated digital scam, losing ₹10 lakh from his account after being manipulated by fraudsters impersonating officers from the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSSB). The incident has prompted an official investigation by the local Cyber Crime Police following a formal complaint lodged by the victim.
The fraud marks a growing trend where cybercriminals impersonate utility providers to exploit consumer panic over immediate service disruptions.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The Disconnection Ruse and WhatsApp Vector
The cyber fraud operation began on May 21, when the senior citizen received an unsolicited WhatsApp message asserting that his household water meter readings had not been updated for the previous month. The message carried an aggressive warning, stating that the residence’s water connection would be summarily terminated that same evening if immediate regulatory steps were not taken.
When the victim called the contact number provided in the text alert, an individual posing as an HMWSSB representative guided him over a WhatsApp voice call. The caller claimed that an outstanding balance of just ₹10 needed to be processed immediately to halt the termination order.
Malicious Application Delivery and Account Siphoning
To facilitate the nominal transaction, the scammer transmitted a malicious Android Package (APK) file labeled HMWSSB CAN UPDATE.apk directly through the chat window. The businessman was instructed to download and execute the application on his smartphone to refresh his status and clear the pending metric discrepancy.
Although the victim’s attempt to execute the initial ₹10 micro-payment inside the application appeared to fail, the installation of the software allowed the fraudsters to silently harvest his internet banking credentials and mirror incoming security alerts. On June 3, the victim received genuine bank notifications indicating that a total sum of ₹10 lakh had been completely siphoned from his account through three consecutive, unauthorized transfers.
Emergency Intervention and Police Action
Upon realizing he had been compromised, the businessman immediately reached out to the national cybercrime grievance helpline at 1930 to flag the illicit fund movements before reporting the matter to the Cyber Crime units. Law enforcement officials have officially registered a criminal case under Sections 66C and 66D of the Information Technology (IT) Act, alongside Sections 318(4) and 319(2) covering cheating and cheating by personation under the Bharatiya Nyaya Sanhita (BNS).
Investigators are tracking the destination bank accounts to isolate where the stolen capital was routed. Cyber defense teams continue to warn citizens never to download third-party APK files shared through informal messaging platforms, noting that public utilities never distribute standalone application patches via chat to resolve billing matters.
