Cybercrime units in Gujarat(India) have issued a high-risk alert about a surge in cyber fraud cases during the New Year period, particularly involving WhatsApp messages disguised as festive greetings, digital cards, or “New Year surprise” offers.
How these scams work (Step-by-Step)
- Festive bait
- Messages like “🎉 Happy New Year! Click to see your greeting” or “You’ve received a New Year gift”
- Often sent from hijacked accounts of known contacts
- Malicious payload
- A clickable link, APK file, or compressed attachment
- Some links redirect to fake websites mimicking banks, UPI apps, or courier services
- Silent compromise
- Malware installs in the background
- Permissions requested may include:
- SMS access (to read OTPs)
- Contacts (to spread further)
- Screen overlay (to capture credentials)
- Financial & data theft
- Attackers steal:
- Banking and UPI credentials
- Debit/credit card details
- Email and social media passwords
- In some cases, automatic fund transfers are triggered
- Attackers steal:
Common Variants Seen During Festivals
- “Gift / Courier Pending” scams
- Fake cashback or crypto New Year offers
- Image or video files that actually install spyware
- Shortened links (bit.ly–type URLs) to hide malicious domains
- Forwarded messages urging you to “share with 5 people”
Strong Safety Measures (Do This)
Message Handling
- Do not click links or open files sent unexpectedly—even from friends
- Verify by calling the sender before opening festive links
- Avoid APK files entirely unless from the official app store
Device Security
- Keep Android/iOS updated to the latest version
- Disable “Install from unknown sources”
- Review app permissions regularly:
- Remove apps with excessive access
- Use a reputable mobile antivirus / security app
Financial Protection
- Never share:
- OTPs
- CVV numbers
- UPI collect approvals you didn’t initiate
- Enable transaction alerts with your bank
- Set daily transaction limits on UPI and cards
Red Flags to Watch For
- Urgent language: “Open immediately”, “Account will be blocked”
- Poor grammar or unusual emojis
- Links asking you to re-login to banking or payment apps
- Requests for OTPs “for verification”
- Messages received late night or early morning (common fraud window)
What to Do If You Clicked a Malicious Link
- Turn on airplane mode immediately
- Uninstall suspicious apps
- Run a full security scan
- Change passwords for:
- Banking apps
- Social media
- Inform your bank/UPI provider
- Report the incident to:
- Gujarat Police Cyber Crime
- The National Cyber Crime Reporting Portal (cybercrime.gov.in)
Official Advice from Cybercrime Units
Authorities stress that festive seasons see a sharp rise in digital fraud, as users are more relaxed and trusting. Awareness and hesitation before clicking are the strongest defenses.
