Phone Cloned, OTPs Forwarded: How Delhi Techie Lost ₹1.3 Lakh from Two Credit Cards in Cyber Scam

New Delhi: In a concerning case of cyber fraud, Nishant, an engineer from Delhi-NCR working at an MNC in Noida, lost ₹1.3 lakh after falling victim to a sophisticated hacking scam on Wednesday. ordeal began when Nishant applied for a PNB credit card online, only to receive a call next day from someone posing as a PNB representative, asking him to complete a video KYC (Know Your Customer) process.

caller, who was actually a hacker, sent Nishant a link via SMS under pretense of conducting video KYC. When Nishant ed on link, his phone was instantly compromised, unknowingly sharing his screen with hacker. situation worsened when hacker sent an APK file that was automatically downloed via WhatsApp, giving hacker full control over Nishant’s device.

Realizing something was amiss, Nishant quickly disconnected call. However, damage h alrey been done. hacker gained access to OTPs from Nishant's accounts with HSBC and IndusInd Bank, which were automatically forwarded to anor number. hacker n used se OTPs to log into various financial apps, including IndusInd Bank and Paytm, and siphoned off over ₹1.3 lakh through small transactions to platforms like Paytm, Razorpay, Lazypay, MobiKwik, and Freecharge.

"I immediately reported fraudulent activity to banks and got my cards blocked,” Nishant recounted. “ hacker h all my information, including that I h applied for a PNB card, and even knew my parents' names. This convinced me he was a genuine employee. But as soon as he asked for video KYC on Google Meet, I suspected something was wrong. Unfortunately, by time I realized it was a scam, it was too late.”

In a panic, Nishant and his wife spent hours trying to report fraud by calling government's cyber crime helpline at 1930, but y were unable to connect as all representatives were busy. online portal, cybercrime.gov.in, also failed to lo initially. Desperate, Nishant went to cyber police station in Dwarka, Sector 17, where he was able to file a complaint after a long wait. However, police vised him to keep trying to report issue on helpline. It wasn't until 1 AM that ir call to 1930 finally connected.

Expert vice on Preventing Cyber Fraud

In response to this alarming incident, Republic spoke with Nishikant Ojha, a cyber security expert, to gar vice on how individuals can protect mselves from such scams and what steps to take if y become victims.

“se s of attacks are categorized under financial fraud, where hackers use APK files—application files for Android devices. se files are often sent via SMS or WhatsApp and are encrypted to avoid detection. Once APK file is downloed, it compromises device, giving hackers control over operating system and access to personal data, including financial credentials,” Ojha explained.

Ojha emphasized need for vigilance when receiving unsolicited messages or links, especially those claiming urgency or offering incentives. “ APK fraud scheme often starts with messages that seem harmless but are actually loed with malware. Once link is ed, malware is installed, and hackers can mirror your phone, intercept OTPs, and even make transactions without your direct authorization.”

Precautions to Take:

• Enable Two-Factor Auntication: Always use two-factor auntication (2FA) for banking apps and or sensitive accounts.
• Install Blockers: se can prevent pop-ups that may carry malicious links.
• Use Anti-Virus Software: Ensure that your phone has robust anti-virus protection to detect and block potential threats.
• Be Cautious with Links: Never on links from unknown sources, especially those received via SMS or social media.
• Monitor OTPs: If you receive an OTP without initiating a transaction, be immediately alert and report it to your bank.

Steps to Take After Being Scammed:

• Switch Off Your Phone: This can help break hacker’s access to your device.
• Uninstall Suspicious Apps: Check for and remove any apps that you did not install.
• Report to Law Enforcement: File a complaint with cybercrime cell and provide all relevant details.
• Contact Customer Support: Immediately notify your bank and request m to block any furr transactions.

Ojha also stressed need for banks to opt more secure transaction methods and AI-based algorithms to detect and prevent fraudulent activities. “Banks often place responsibility on customer, arguing that y installed malicious software. However, with vancements in hacking techniques, banks need to recognize that tritional OTP-based security is no longer foolproof. y should take proactive measures to safeguard customer funds and ensure that transactions are thoroughly vetted.”

Do Victims Get Refunded? Who Is Liable?

"In some cases, banks may refund stolen money if y are proven to be at fault, but quick action is crucial. Reporting fraud within half an hour of incident significantly increases chances of recovering funds, as banks can freeze transactions for furr investigation," cyber security expert, Nishikant Ojha said.