SBI, ICICI Bank, and AU Small Finance Bank Warn Customers About APK Fraud
As digital banking gains popularity, fraudsters are continually developing new methods to deceive customers. This rise in banking-related scams has led several major banks in India, including the State Bank of India (SBI), to alert their customers about these fraudulent activities and provide tips on how to protect themselves. For instance, SBI recently issued a warning about a scam involving the distribution of an Android Application Package (APK) disguised as a way to redeem SBI reward points, along with advice on how to avoid such scams.
Here are some of the common frauds that major Indian banks have been warning their customers about, and ways to stay safe:
What is an APK?
In the Android ecosystem, users can install third-party applications, which, while convenient, also allow hackers to exploit devices by distributing malicious APKs or by altering legitimate apps.
How APK Fraud is Carried Out
According to AU Small Finance Bank:
- Hackers persuade victims to install malicious APKs on their devices using social engineering tactics.
- Upon installation, victims receive warnings about the dangers of installing apps from unknown sources and see requests for extensive permissions (e.g., camera, microphone, location, contacts, SMS).
- Once installed, the hacker gains access to and control of the infected device, enabling malicious activities.
Tips to Avoid APK Fraud
- Be wary of APK files that seem invalid or are unusually small in size.
- If an APK demands numerous permissions, it should be removed immediately.
- Use antivirus software to detect harmful APK files.
- Only install apps from trusted sources like the Google Play Store.
- Regularly reboot your phone and clear background apps to disrupt hacker connections.
SBI posted on social media: “Fraudsters are sending APKs and messages over SMS or WhatsApp for redeeming SBI reward points. SBI will never share links or unsolicited APKs over SMS or WhatsApp. Do not click on any such links or download unknown files.”
ICICI Bank’s Warnings
ICICI Bank has warned customers about fraudulent links and programs sent via email, WhatsApp, and other platforms. The bank emphasizes that it never sends messages asking customers to call a specific number or download an application.
Axis Bank’s Alert on Task-Based Fraud
In March 2024, Axis Bank customers reported unauthorized transactions and receiving OTPs for transactions they did not initiate. Axis Bank advises customers to stay vigilant against investment or task-based fraud by verifying sources, thoroughly researching, and never sharing sensitive information online.
Punjab National Bank (PNB) Alerts
PNB has cautioned customers about fake calls and SMSs from individuals pretending to be bank officials to promote fake products. PNB clarified on its website that it does not make unregistered telemarketing calls or send SMSs to solicit life insurance or other products.
General Precautions to Safeguard Against Banking Frauds
- Avoid clicking on links or downloading files from unknown sources.
- Be cautious of unsolicited messages or calls requesting personal or financial information.
- Regularly update and use security software on your devices.
- Verify the authenticity of messages or emails claiming to be from your bank by contacting the bank directly through official channels.