Lucknow: The evolving tactics of cyber criminals have once again raised serious concerns over digital security in the state capital. Two separate incidents reported from the Ashiyana area highlight how fraudsters are combining technology with psychological manipulation to deceive victims. In one case, a digital wallet was compromised, while in another, a food delivery refund request turned into a costly banking fraud.
The first incident involves Bhupendra Kumar, a resident of Mohanlalganj, who fell victim to a digital wallet breach. According to the victim, on March 30, 2026, he suddenly started receiving multiple OTPs on his phone. Simultaneously, alerts regarding login attempts from another device were triggered on his Aadhaar-linked services and email account.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
Before he could react, a total of ₹38,900 was withdrawn from his PhonePe account through four unauthorized transactions—₹15,000, ₹8,000, ₹10,000, and ₹5,900. Realizing the fraud, he immediately contacted the cyber crime helpline (1930) and filed a complaint on the official portal, uploading all relevant evidence. He also reached out to his bank to freeze further transactions and secure his account.
Preliminary findings suggest that the fraudsters may have gained access to his login credentials or intercepted OTPs, enabling them to execute the transactions swiftly.
The second case reveals an even more alarming trend, where scammers exploit popular online service platforms to trap unsuspecting users. Nigham Kumar, a resident of Sector I, Eldeco Udyan-1 in Basant Bihar, reported that he had placed a food order through an online delivery app on March 8. Due to a delay, he canceled the order and searched online for the customer care number.
This is where the trap was set. After his call went unanswered, he received a WhatsApp call from an unknown number. The caller claimed to be a customer support executive and sent a file, assuring that opening it would process the refund.
The moment the victim opened the file, malware was installed on his device. Within minutes, two unauthorized transactions were carried out, siphoning off ₹95,999 from his bank account.
Cyber experts explain that such scams often involve remote access tools or malicious APK files, which allow criminals to take control of a user’s smartphone. Once access is gained, they can retrieve OTPs, banking credentials, and other sensitive data to empty accounts.
Investigators have also noted that fraudsters frequently manipulate search engine results by placing fake customer care numbers online, making it easier to lure victims into their schemes.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said, “Cyber criminals are now relying more on social engineering than traditional hacking. Through OTPs, links, APK files, and fake calls, they psychologically manipulate users into compromising their own security.”
Based on the complaints, cases have been registered under relevant sections, and cyber teams have begun tracing transaction trails, bank accounts, and suspicious phone numbers linked to the incidents.
Officials emphasize that vigilance remains the strongest defense in the digital age. Users are advised to avoid opening unknown links or files, verify customer care numbers from official sources, and never share OTPs or banking details with anyone.
Even a small lapse in caution, experts warn, can lead to significant financial loss.
