A shocking case of cyber fraud has surfaced from Bareilly, Uttar Pradesh, where a simple complaint about a delayed parcel turned into a costly mistake for a woman. Cyber criminals, posing as fake customer care representatives, sent an APK file via WhatsApp. The moment it was downloaded, the victim’s mobile phone was hacked, and within minutes, ₹5.25 lakh was siphoned off from her bank account.
The victim, Manju, a resident of Karmchari Nagar Officers Colony in the Izzatnagar area, stated that she had ordered goods from an online shopping website. The delivery was scheduled for April 19 but did not arrive on time. To track the parcel, she searched for a customer care number online and called it—this single step triggered the entire fraud.
Fake Customer Care Gains Trust
The person on the call introduced himself as a customer care executive and spoke convincingly, assuring her that her complaint would be resolved. During the conversation, he collected basic details and then sent an APK file via WhatsApp, claiming it was a “complaint/support app.”
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Trusting the process, the victim downloaded and opened the file. Experts say such APK files often contain malware that grants remote access to the device, allowing criminals to control the phone and access sensitive data, including banking apps and messages.
₹5.25 Lakh Withdrawn Within Minutes
As soon as the phone was compromised, the fraudsters acted swiftly. They executed five rapid transactions and withdrew a total of ₹5.25 lakh from her account. The speed of the operation left no time for the victim to react. By the time she realized something was wrong, her account had already been drained.
She immediately reported the incident on the National Cyber Crime Reporting Portal (NCRP). A formal complaint has also been registered at the cyber crime police station, and an investigation is underway.
Probe Intensifies Using Digital Evidence
Investigators are now analyzing call records, bank transaction trails, and digital footprints to trace the accused. Initial findings suggest that this is not an isolated case but part of a larger, organized network targeting victims through fake customer care scams and malicious APK files.
Cyber experts explain that once malware is installed through such files, it can monitor user activity, capture OTPs, passwords, and even allow screen access—making it easy for criminals to carry out financial fraud.
A Growing Pattern in Cyber Fraud
This case highlights a worrying trend where cyber criminals exploit everyday services like parcel delivery, banking, and customer care. By placing fake numbers on search engines, they build trust and then execute technically sophisticated frauds.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said, “Cyber criminals today rely heavily on social engineering to exploit human trust. APK-based attacks give them direct control over devices, allowing financial theft within minutes. Awareness and vigilance remain the strongest defense.”
How to Stay Safe
Experts advise verifying customer care numbers only through official websites or apps. Never download APK files or click on unknown links received via WhatsApp or other platforms.
Users should never share banking details, OTPs, or allow screen sharing with unknown individuals. Any request to download an app should be carefully verified, and only official app stores should be used.
Awareness is the Best Defense
This incident serves as a stark reminder that even a small lapse in judgment can lead to major financial losses in the digital world. While online services bring convenience, they also open new doors for cybercrime.
Authorities emphasize that strict action is being taken against such criminals, but public awareness remains the most effective safeguard. Staying alert and cautious is the key to avoiding such traps.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
