Kolkata: A 67-year-old resident of Salt Lake in Kolkata was allegedly defrauded of ₹9.58 lakh in a sophisticated KYC update scam in which cybercriminals impersonated bank officials and tricked him into installing a malicious application on his mobile phone, police said.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Fake Bank Call Used to Build Trust
The incident occurred on April 27 when the victim received a call from a person claiming to represent a private bank where he held an active account. The caller allegedly stated that his KYC details needed urgent verification and transferred the call to another individual who introduced himself as a senior manager named Akash Verma based in Mumbai.
Investigators said the accused then persuaded the victim to share sensitive banking credentials and subsequently sent a WhatsApp message containing an APK file titled ‘CUSTOMER SUPPORT P15.apk’, instructing him to install it under the guise of verification and technical assistance.
Malicious APK Gave Fraudsters Remote Access
Once installed, the malware allegedly granted remote access to the device, allowing fraudsters to monitor banking activity, bypass security checks, and initiate unauthorized transactions across multiple accounts.
Police said multiple fixed deposits were broken and funds were transferred in several transactions between April 27 and April 28. A total of ₹8 lakh was withdrawn from one account and ₹50,000 from another, leading to cumulative losses of ₹9.58 lakh. The victim discovered the fraud after checking his bank statements and visiting an ATM.
He subsequently lodged a complaint via the national cyber helpline 1930 and approached authorities. An FIR has been registered against unidentified individuals for cheating, impersonation, and cybercrime. Officials have urged citizens to avoid installing APK files received from unknown sources or sharing sensitive banking details over calls or messaging apps.
Experts Flag Rise in Social Engineering Scams
Cybercrime expert and former IPS officer Professor Triveni Singh stated that modern frauds rely heavily on psychological manipulation rather than technology alone. He said criminals build trust by posing as bank officials or technical support executives and then create urgency or fear to push victims into making mistakes without verification.
He added that APK-based attacks and fake customer care setups have become increasingly common in India, where search engine manipulation and messaging platforms are used to target elderly users and first-time digital banking customers. Experts advise verifying all financial communication through official bank websites only.
Authorities are continuing the investigation to trace the money trail and identify beneficiaries involved in the network. Officials have reiterated that rapid reporting through helpline 1930 significantly increases the chances of blocking fraudulent transactions before funds are further transferred through layered accounts.
Spoofed Helplines and Fake Apps Deepen Threat
Cybercriminals are increasingly exploiting publicly available information, fake search listings, and spoofed helpline numbers to impersonate legitimate banking representatives. These fraudulent setups are designed to mislead users who search customer care numbers online, often directing them to controlled call centers operated by organized cybercrime groups.
Once malware or remote access applications are installed, fraudsters can mirror mobile screens, intercept one-time passwords, and manipulate banking apps in real time. This allows them to bypass basic security protections before the victim becomes aware of unauthorized activity.
