Cyber Fraudsters Use Fake Bank KYC Update to Steal Lakhs

The420.in Staff

A 37-year-old homemaker from Nikol in Ahmedabad has allegedly been cheated of more than ₹7.46 lakh in a sophisticated cyber fraud involving fake KYC verification messages, impersonation of bank officials, and a malicious mobile application designed to gain full access to her banking credentials.

The victim, identified as Neelam Patel, alleged that cybercriminals targeted her through WhatsApp messages claiming urgent Know Your Customer (KYC) updates for her Bank of India account. The case highlights the growing use of APK-based malware and social engineering tactics in financial cybercrime across urban India.

Fake bank message used to trigger trust and action

According to the complaint, the fraud began on May 19, 2026, when Neelam Patel received a WhatsApp message from an unknown number claiming to be from Bank of India. The message included a link and an application file titled “BOI Pan Card Update.apk”, which purportedly allowed users to update Aadhaar and PAN details linked to their bank accounts.

Initially, the family ignored the message. However, after visiting a local bank branch and discussing it informally, they were misled into believing that the communication could be legitimate. This prompted the victim’s husband to install the application on their device.

The installation reportedly marked the turning point in the fraud.

APK file allegedly enabled full device and account access

Cybersecurity investigators believe the malicious application functioned as a data-harvesting tool, designed to extract sensitive banking credentials, intercept OTP messages, and alter account recovery settings.

Shortly after installation, the victim began receiving multiple debit alerts and OTP notifications without initiating any transactions. Further checks revealed unauthorized fund transfers from her savings account in several installments.

The stolen funds were reportedly routed through multiple channels, including IMPS transfers and bill payments, making tracking more difficult.

Email ID change and account takeover deepens the breach

A key finding in the investigation is the alleged alteration of the email ID linked to the victim’s bank account. Fraudsters reportedly replaced her original Gmail ID with a different email address, effectively taking control of authentication and recovery mechanisms.

This allowed the attackers to maintain access even after initial suspicious transactions began appearing, indicating a deeper account takeover strategy rather than a one-time theft.

The amount siphoned off reportedly spans multiple transactions, including ₹1.79 lakh, ₹1.95 lakh, ₹49,500, ₹1.24 lakh, ₹25,000 (twice), and ₹1.48 lakh, cumulatively amounting to ₹7.46 lakh.

Cybercriminal network and impersonation tactics under scanner

Officials said the accused allegedly impersonated bank representatives and used psychological manipulation to build trust. The fraudsters reportedly created urgency around account security, a common tactic in KYC-related scams.

Investigators are also probing how the malware was distributed and whether similar APK files have been used in other cases in Gujarat and beyond. Preliminary findings suggest that such applications often circulate via messaging platforms and are designed to bypass basic user suspicion by mimicking official branding.

Complaint filed after detection of unauthorized transactions

After noticing repeated unauthorized debits, the victim contacted the national cybercrime helpline (1930) and subsequently filed a complaint through the National Cyber Crime Reporting Portal. The bank was also alerted to freeze account access and block further transactions.

Cyber Crime Police Station officials in Ahmedabad have registered a case and initiated an investigation. Efforts are underway to trace the WhatsApp number used to send the malicious file and identify the beneficiary accounts where the stolen money was transferred.

No arrests yet, investigation continues

As of the latest update, no arrests have been made in the case. Authorities are focusing on digital footprints, transaction chains, and device-level forensic analysis to identify the perpetrators.

The case adds to a growing number of cyber fraud incidents involving fake KYC updates and APK-based malware, where attackers exploit trust in banking systems to gain direct control over victims’ financial accounts.

Officials have urged citizens to avoid installing unknown applications and to verify all banking-related communications directly with official customer care channels before taking any action.
