Cybercrime
Courier Booking Turns Into ‘APK Trap’: Retired Army Officer Loses Lakhs in Cyber Fraud
In a chilling reminder of the growing sophistication of online fraud, a retired Army officer from Chandigarh reportedly lost more than ₹12 lakh after falling victim to a cyber scam disguised as a courier service transaction. Authorities say the incident involved a malicious APK file that compromised his banking credentials, enabling cybercriminals to siphon off funds through unauthorized transactions.
Routine Courier Booking Turns Into Costly Trap
Colonel Rajbir Singh Duggal, 82, was attempting to send a parcel from Chandigarh to Pune when the scam unfolded. While searching online for the contact number of a well-known courier company, he reportedly called a number that appeared legitimate. The person on the other end claimed to be a company executive and guided him through the booking process.
During the conversation, he was instructed to make a small online payment of ₹10 to confirm the pickup. After initially encountering a failed transaction on his SBI account, he completed the payment via his HDFC credit card.
Shortly afterward, the caller directed him to download a mobile application via a link shared on WhatsApp, claiming it was necessary to complete the courier request. Trusting the instructions, the retired officer installed the APK file on his smartphone.
How Malicious APK Files Exploit Mobile Devices
Cybersecurity investigators revealed that the APK file was malware engineered to access sensitive information on the victim’s device. Once installed, the software obtained permissions that allowed it to monitor SMS messages, notifications, and on-screen activity.
Experts note that malicious applications often exploit Android’s accessibility settings. Once granted, these permissions let attackers intercept one-time passwords (OTPs), capture banking credentials, and even conduct financial transactions without the user’s knowledge. In this case, the fraudsters reportedly used stolen OTPs and account details to transfer over ₹12 lakh across multiple accounts.
Expert Warnings: Verify Contacts and Avoid Unknown Apps
Cybercrime specialists stress that scams of this nature combine technical tricks with social engineering. Prof. Triveni Singh, former IPS officer and cybercrime expert, warns that APK files circulated via messaging apps under the guise of courier services or delivery updates can be extremely dangerous.
Experts advise verifying all service contacts directly through official websites or verified mobile apps. They also emphasize that APK files from unknown sources should never be installed, as they can provide attackers full access to personal and financial information stored on smartphones.
Staying Safe in the Digital Age
The incident serves as a stark reminder of the importance of vigilance in online interactions. Avoiding suspicious links, confirming official contacts, and refusing to download unfamiliar applications remain the most effective defenses against cyber fraud.
As mobile banking and digital transactions become increasingly common, experts urge users of all ages to exercise caution and educate themselves about potential online threats.