The Telangana Cyber Security Bureau (TGCSB) has exposed a new and dangerous cybercrime modus operandi involving fraudsters sending victims fake ‘DoT-verified’ smartphones preloaded with malware designed to hijack one-time passwords (OTPs). This scam tricks people by exploiting their trust in banks and government agencies, causing significant financial losses.
How the Scam Works
Victims receive phone calls from conmen impersonating bank executives who entice them with offers of premium credit cards boasting exclusive benefits. They insist on ‘Department of Telecommunications (DoT) verification’ as part of the process. Days after the call, the victim receives a neatly packed smartphone, complete with fake bank stickers and a counterfeit “DoT Secure” icon, adding to its illusion of authenticity.
Unbeknownst to the victims, these phones come preloaded with a hidden SMS-forwarding app that silently diverts OTPs and messages to fraudsters once the victim inserts their SIM card. This gives the fraudsters access to banking accounts and sensitive information.
Real-Life Impact
In one reported incident, a Hyderabad resident lost a staggering Rs. 77 lakh in less than 24 hours after falling victim to this scam. The victim only realized that something was wrong when SMS alerts stopped coming to his secondary SIM card.
Shikha Goel, Director of TGCSB, warned about this troubling evolution in cyber fraud, stating: “Fraudsters are hijacking OTPs and banking access by tricking people into inserting SIMs into compromised devices. Citizens must be extremely cautious.” She advised people to stay alert and not allow fraudsters to hijack their bank accounts by compromising their SIM cards.
TGCSB Safety Advisory
The Telangana Cyber Security Bureau has issued safety guidelines to protect citizens from this scam. These include being wary of unsolicited phone calls, avoiding inserting SIM cards into unfamiliar devices, verifying official communications independently, and reporting suspicious activities to authorities immediately.
