A Delhi-based chartered accountant lost over ₹75,000 after cyber fraudsters tricked her into downloading a malicious mobile application sent via WhatsApp, police said on Monday. Within minutes of installing the file, her phone was compromised and unauthorised online purchases worth ₹75,694 were made using her Kotak Mahindra Bank credit card.
According to investigators, the victim received a call from a person posing as a bank executive, offering to increase her credit card limit. Shortly afterwards, she was sent an APK file on WhatsApp, purportedly a bank app update. Once installed, the malware gave the accused full access to sensitive data on her device.
Police said the gang had created a fake Kotak Mahindra Bank mobile application after allegedly sourcing customer information during earlier stints with a credit card company. Using this data, they began targeting customers with calls from fake SIM cards, convincing them to download the APK under the pretext of card upgrades or limit enhancement.
After gaining control of victims’ phones and card credentials, the fraudsters placed online orders for electronic goods through delivery apps. The items were sent to Lakkarpur village in Surajkund, Faridabad, and later sold on platforms such as OLX, officers said.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The case was registered on February 4, following which the cyber police station launched a technical investigation involving call data records, delivery tracking and device analysis. The trail led police to Faridabad, where four suspects were arrested.
The accused have been identified as Abhishek Kumar Jha (24), Ashish Kumar Ojha (23), Vivek Kumar alias Monu (37) and Ikraar (23). Four mobile phones used in the fraud were recovered from their possession. All four are being interrogated, while investigators are working to establish the wider network behind the operation.
Police officials said preliminary questioning indicates the group may have carried out similar scams in multiple states. Digital transaction records and forensic examination of seized devices are underway to identify additional victims and trace money flows.
“The accused used fake identities and burner SIM cards to avoid detection. They were careful to rotate phone numbers frequently and relied on courier deliveries and resale platforms to convert stolen funds into cash,” a senior officer said.
Authorities are also verifying whether the suspects acted alone or had logistical support from others involved in sourcing data, arranging deliveries or selling stolen goods.
The incident has once again highlighted the growing threat of APK-based cyber frauds, where victims are lured into installing apps outside official app stores. Police stressed that banks never send application files or links through WhatsApp and do not seek OTPs, CVV numbers or card details over phone calls.
Following the arrests, cyber police issued a public advisory urging residents to remain vigilant. Citizens have been asked not to download APK files from unknown sources, avoid sharing personal banking information, and immediately contact their bank’s official helpline if they receive suspicious calls.
In case of suspected fraud, victims are advised to report the matter without delay to the nearest cyber police station or dial the national cybercrime helpline 1930.
Further investigation is ongoing, with police attempting to identify other members of the racket and recover additional proceeds of crime.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
