A new scam called ‘SBI Rewards’ is targeting people in India. Fraudsters are tricking individuals into downloading malicious APK files disguised as rewards from the State Bank of India, which could expose users to significant cybersecurity risks.
The PIB Fact Check post on X warned users about the potential harm of clicking unknown links or downloading files from unverified sources.
The scam begins with a seemingly innocuous text message sent to potential victims via SMS or messaging platforms like WhatsApp. Posing as a legitimate SBI notification, the message claims that users have accumulated a substantial number of “SBI NetBanking Reward Points,” sometimes valued as high as Rs. 18,000.
To redeem these points before they “expire,” the message urges users to download an app named “SBI Reward.” The tactic preys on the recipient’s fear of losing a substation reward, a psychological trick known as the “urgency principle,” which is often used to prompt hasty decisions.
Once a user follows the provided instructions and download the APK, they inadvertently expose themselves to malicious software designed to capture sensitive data.
These files may allow scammers to access the victim’s device remotely, enabling them to harvest personal data such as passwords, bank details, and other critical information without the user’s knowledge.
PIB clarified that SBI does not send reward claims or app downloads via SMS or WhatsApp. Users can visit the official SBI portal and verified contact channels for any reward redemptions.
In mid-October 2024, WhatsApp announced that it had banned over 8.4 million accounts in India for scams. In July, researchers found that the Chinese hacking group Smishing Triad was scamming Indian users via fake India Post messages.
A similar scam was discovered where a fraudulent message from the Regional Transport Office (RTO) was sent to the WhatsApp of Indian users.
In yet another scam, a woman in Bengaluru airport lost Rs. 87,000 when she attempted to access a lounge before her flight.
To protect themselves from such scams, users should avoid clicking on unverified links, download apps only from official app stores or websites, and report suspicious activity to cybercrime.gov.in.
In the News: X rolls out updated block feature amid user outcry