...
...
Next Story

Retired Colonel loses 12 lakh to cyber fraudsters

They made him install an APK file after he got in touch with them while searching for a courier firm’s number online; an FIR has been registered an a probe is going on

Published on: Mar 17, 2026 08:54 AM IST
Advertisement

Chandigarh: An 82-year-old retired army officer lost 12.05 lakh to cyber fraudsters who posed as courier service executives and tricked him into downloading a malicious APK file to hack his phone, police said.

Police said that after installing the file, the victim’s phone was compromised. (HT File)
Police said that after installing the file, the victim’s phone was compromised. (HT File)

Col Rajbir Singh Duggal (retired), a resident of Victoria Enclave in Sector 50-C, stated in his complaint to the cyber crime police station in Sector 17 that he searched for a courier company’s contact number online as he had to send a parcel to Pune. Spotting a number on Google, he dialed it and spoke to someone who asked him to pay 10 for booking a parcel pickup.

Police said the complainant initially attempted to make the payment through his State Bank of India’s (SBI) account but the transaction failed. He later made the payment using his HDFC Bank credit card. The caller informed him that the parcel would be picked up on the same day. As the parcel was not collected even the next day, the complainant dialed that number but the calls were repeatedly diverted to an automated process.

Col Duggal informed the bank and also lodged a complaint through the national cyber crime portal before approaching the cyber crime police station. The police have registered an FIR under Sections 318(4) (cheating), 319(2) (cheating by personation), 336(3) (forgery), 338 (forgery ), 340(2) (forging a document) and 61(2) (criminal conspiracy) of the Bharatiya Nyaya Sanhita (BNS) against unknown persons.

What an APK file is

An APK (Android Package Kit) is a file format used to install applications on Android phones. It works like an installer file (similar to .exe files on Windows). Normally, apps are safely downloaded from official platforms, such as the Google Play Store, where they are checked for security. However, APK files can also be shared through links on WhatsApp, Telegram, SMS or websites. These files are not verified and may contain malicious software.

What cyber fraudsters do?

Fraudsters send a message having APK file link, claiming it is for something important, such as KYC update, bank verification, courier delivery, electricity bill payment, government scheme registration.

While installing, victims have to authorise access to SMS, contacts, screen viewing, etc., enabling the malicious app to read one-time passwords, monitor banking apps, record screen activity and capture passwords or PINs. In some cases, the fraudsters remotely operate the phone.

Using stolen OTPs or banking access, criminals transfer money from the victim’s bank account or digital wallet.

 
SHARE THIS ARTICLE ON
Hindustantimes wants to start sending you push notifications. Click allow to subscribe