Mumbai: A major and well-organised cyber fraud has come to light in Mumbai, where more than 100 people were targeted. They were duped of nearly ₹2.7 crore under the pretext of updating gas bills. Initially this was not an isolated scam but a structured operation involving coordinated calls, deceptive messaging, and malicious mobile applications designed to siphon off victims’ money.
The fraud unfolded over the past 30 days, during which the accused specifically targeted gas consumers and applicants for new connections. Posing as representatives of a gas distribution company, the fraudsters contacted individuals and warned them that their gas connection would be disconnected if their bill was not updated immediately. The urgency and fear of service disruption were used as primary tools to manipulate victims into complying.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Malicious APK Used to Hijack Phones
What makes the case particularly alarming is the method used to gain control over victims’ mobile devices. Instead of relying solely on phishing calls or links, the perpetrators sent a malicious link that triggered the download of an APK file. Once installed, the application effectively handed over complete control of the phone to the fraudsters without the user’s awareness.
With this access, the accused were able to retrieve sensitive information including banking credentials, one-time passwords (OTPs), SMS data, and other personal details. Using this data, they executed unauthorised financial transactions within minutes. In several cases, victims realised they had been defrauded only after their bank accounts were nearly emptied.
177 Fake Bank Accounts Used to Route Funds
The investigation has revealed that the network operated using at least 177 fake bank accounts, through which transactions worth approximately ₹31 crore were routed. This points to a larger, well-coordinated syndicate that had been active for a significant period. It was handling large volumes of illicit financial activity.
Cybersecurity experts revealed that such frauds are rooted in social engineering techniques. Renowned cyber crime expert and former IPS officer Prof. Triveni Singh has repeatedly highlighted in similar cases that cyber criminals are increasingly targeting human psychology rather than technological vulnerabilities. It is created by deploying fear, urgency, and a sense of authority, they push individuals into making impulsive decisions without verification.
Unknown App Downloads Remain a Major Risk
Authorities have emphasised that downloading applications from unknown sources remains one of the biggest risk factors in such cases. Fraudsters often disguise malicious apps as billing tools, verification software, or service-related applications. In reality, these apps function as spyware, enabling continuous monitoring of user activity and extraction of sensitive data.
The situation in Mumbai was particularly severe, with multiple victims being reported even within a single day during the peak of the scam. Investigating teams are now working to identify the mastermind behind the operation and track down other members involved in the network. Efforts are also underway to determine whether similar modules are operating in other cities across the country.
Experts in cyber security have warned that such incidents are likely to increase in the coming months, especially as digital services become more deeply integrated into everyday life. The growing reliance on mobile-based transactions has made users more vulnerable to sophisticated fraud techniques.
Authorities Advise Verification Through Official Channels
Authorities have advised citizens to remain cautious and not to trust unsolicited calls or messages, particularly those that create panic or demand immediate action. Verification should always be done through official websites or authorised service channels. Additionally, users should disable the installation of apps from “Unknown Sources” and avoid clicking on suspicious links.
In case of fraud, victims are urged to immediately contact the national cyber helpline at 1930 or report the incident through the official cybercrime portal. Timely reporting can significantly improve the chances of preventing further financial loss and tracing the culprits.
