A 70-year-old pensioner allegedly lost ₹39.7 lakh after a caller posing as a Central Bank of India official persuaded him to install a fake pension verification application received through WhatsApp. Police suspect the malicious APK gave cybercriminals access to his phone, banking information and one-time passwords.
Caller Claimed Pension Verification Was Pending
According to the complaint, Chirag Parasottamdas Sutaria, a resident of IOC Road in Chandkheda, received a call from an unidentified person on the evening of June 18.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
The caller introduced himself as a bank official and allegedly told Sutaria that verification of his pension card was pending. He instructed him to download a file to complete the process.
A file named “Pension card verification.apk” was subsequently sent to Sutaria through WhatsApp. Believing it to be genuine, he downloaded and installed the application on his mobile phone.
Soon after the installation, Sutaria began receiving OTP messages and transaction alerts for withdrawals he had not authorised.
Three ODFD Accounts Targeted
The pensioner contacted the bank’s customer care service and requested that his Overdraft Fixed Deposit accounts be blocked.
A subsequent examination of account statements and mobile banking records reportedly showed that funds had already been removed from three separate ODFD accounts.
According to the complaint, ₹9.90 lakh was transferred from each of the three accounts. Two additional transactions of ₹5 lakh each were also executed, taking the total alleged loss to ₹39.7 lakh.
Preliminary findings suggest that the money was routed through accounts connected with payment gateway services, including Razorpay-associated channels.
Sutaria reported the incident to the National Cyber Crime Helpline at 1930 on June 19 and later filed a formal complaint with the Cyber Crime Police Station.
Police Trace Phone Number and Fund Trail
Investigators suspect the APK was designed to provide remote access to the victim’s device. It may have allowed the fraudsters to obtain banking credentials, passwords and OTPs required to complete unauthorised transactions.
Police are tracing the number used to contact Sutaria and analysing the movement of funds through beneficiary accounts. Digital evidence is also being examined to determine how the application operated and identify others who may have participated.
Cybercrime expert and former IPS officer Prof. Triveni Singh said fraudsters frequently impersonate bank officials, pension authorities and government departments to persuade victims to install malicious applications.
He advised people not to download APK files from unknown sources and to verify any request concerning banking or pension services independently through official channels.
Police are continuing efforts to identify the perpetrators and recover the diverted funds.
