Cyber criminals are always coming up with new ways to cheat unsuspecting users, and a recent incident in Jabalpur, Madhya Pradesh has highlighted a terrifying new scam.
In this case, a person downloaded a photo sent from an unknown number on WhatsApp, and within moments, Rs 2 lakh was stolen from their bank account.
The Department of Telecommunications (DoT) has issued an urgent warning, and cybersecurity experts are urging people to be extremely cautious about downloading images or files from unknown sources.
How Does This Fraud Work?
The Photo Trick: The fraudster sends a seemingly innocent photo to the victim via WhatsApp or another messaging platform.
Follow-up Call: The scammer then calls the victim and asks, “Do you recognize the person in the photo?” This encourages the victim to open or download the photo.
Phone Crash: Once the victim downloads the photo, their phone crashes.
Steganography Attack: At this point, the cyber criminals gain complete control of the phone.
They are able to access sensitive information, such as OTP (One-Time Passwords), and transfer funds from the victim’s bank account without permission.
What Is Steganography?
Steganography is a technique used by cyber criminals to hide malicious code or links inside an image, video, or audio file.
This hidden code triggers the installation of harmful software when the victim opens or downloads the file.
This software then allows the fraudsters to control the phone, capture sensitive data, and steal money from the bank account.
How to Protect Yourself?
To avoid falling victim to this new form of fraud, here are some essential precautions:
Do Not Download Unsolicited Files: Never download photos, videos, or audio files from unknown numbers.
Beware of Abnormally Large Files: If the file size of a photo or video seems unusually large, do not download it.
Avoid Linking WhatsApp with Bank Accounts: If possible, try not to link your WhatsApp number directly to your bank account.
- Report Suspicious Incidents: If you experience anything suspicious, immediately report it on the Cybercrime Portal or call the 1930 helpline number.
