Cybercriminals have rolled out a new and insidious fraud technique by circulating alarming “accident alert” messages designed to trigger panic and impulsive reactions. Law enforcement and cybersecurity experts warn that the scam is spreading rapidly across rural and semi-urban pockets, with victims losing substantial sums even though they did not share OTPs, UPI PINs, or banking credentials.
The modus operandi relies on fear. Victims receive a phone call claiming that a close relative has met with a serious accident. The caller promises to send photographs of the injured person over WhatsApp and abruptly disconnects. Moments later, the victim receives what appears to be an image file. The moment the file is opened, malicious software silently installs itself on the phone.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
In one recent case from Kheda district, a farmer received such a call late in the evening. Alarmed by the claim that a family member had been injured, he waited for the promised images. When a file arrived, he opened it and briefly saw what looked like a scanner-style interface rather than a photograph. Sensing something was amiss, he deleted the file and switched off his phone.
The damage, however, had already been done. When he visited an ATM hours later, he discovered that nearly ₹50,000 had been debited from his bank account. Bank records later showed that the amount had been siphoned off through an online transaction routed via a UPI-based transfer. The victim subsequently lodged a complaint with the cybercrime helpline and local police.
Cybersecurity specialists say the fraud hinges on remote access trojans (RATs) concealed within files disguised as images, typically in JPEG format. Once the file is opened, the malware exploits accessibility permissions on the device, allowing fraudsters to monitor activity in real time. This enables them to access banking applications, read notifications, and initiate transactions without the user’s knowledge.
Unlike traditional phishing scams that rely on tricking users into revealing OTPs, passwords, or clicking suspicious links, this method works silently in the background. Victims often remain unaware until they attempt to withdraw cash or check their account balance. By then, the money has already been transferred out, often through multiple mule accounts to complicate tracing.
Cybercrime investigators say the use of emotional manipulation is deliberate. Messages referencing accidents, hospitalisation, police emergencies, or detention are crafted to override rational judgment. The few seconds of panic are enough to make recipients open unsolicited files without verifying the source.
Officials warn that such malware-driven frauds are particularly dangerous because they can compromise the entire device. Even after the initial theft, infected phones may remain vulnerable, allowing repeated unauthorised transactions if the malware is not fully removed. In several cases, victims have reported additional debits days later, despite changing PINs or blocking cards.
Police have advised citizens to adopt strict digital hygiene. Unsolicited files or images received on messaging platforms should never be opened, especially when preceded by emotionally charged calls or messages. Any communication claiming a family emergency should be independently verified by calling the relative or another trusted family member before taking action.
Experts also recommend keeping phones updated with the latest security patches, installing apps only from official app stores, and reviewing accessibility permissions granted to applications. If a device behaves unusually after opening a file—such as overheating, rapid battery drain, or unexplained pop-ups—it should be disconnected from the internet immediately and examined by a professional.
Victims of such fraud are urged to report incidents promptly to the national cybercrime helpline and their banks, as early reporting improves the chances of freezing transactions. As digital payments deepen their reach, authorities say public awareness remains the strongest defence against increasingly sophisticated cyber traps built on fear and urgency.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
