Cybercriminals Targeting WhatsApp Users in India on New Year

CyberDefender 4 mins0

Cybercrime units in Gujarat(India) have issued a high-risk alert about a surge in cyber fraud cases during the New Year period, particularly involving WhatsApp messages disguised as festive greetings, digital cards, or “New Year surprise” offers.

How these scams work (Step-by-Step)

  1. Festive bait
    • Messages like “🎉 Happy New Year! Click to see your greeting” or “You’ve received a New Year gift”
    • Often sent from hijacked accounts of known contacts
  2. Malicious payload
    • A clickable link, APK file, or compressed attachment
    • Some links redirect to fake websites mimicking banks, UPI apps, or courier services
  3. Silent compromise
    • Malware installs in the background
    • Permissions requested may include:
      • SMS access (to read OTPs)
      • Contacts (to spread further)
      • Screen overlay (to capture credentials)
  4. Financial & data theft
    • Attackers steal:
      • Banking and UPI credentials
      • Debit/credit card details
      • Email and social media passwords
    • In some cases, automatic fund transfers are triggered

Common Variants Seen During Festivals

  • “Gift / Courier Pending” scams
  • Fake cashback or crypto New Year offers
  • Image or video files that actually install spyware
  • Shortened links (bit.ly–type URLs) to hide malicious domains
  • Forwarded messages urging you to “share with 5 people”

Strong Safety Measures (Do This)

Message Handling

  • Do not click links or open files sent unexpectedly—even from friends
  • Verify by calling the sender before opening festive links
  • Avoid APK files entirely unless from the official app store

Device Security

  • Keep Android/iOS updated to the latest version
  • Disable “Install from unknown sources”
  • Review app permissions regularly:
    • Remove apps with excessive access
  • Use a reputable mobile antivirus / security app

Financial Protection

  • Never share:
    • OTPs
    • CVV numbers
    • UPI collect approvals you didn’t initiate
  • Enable transaction alerts with your bank
  • Set daily transaction limits on UPI and cards

Red Flags to Watch For

  • Urgent language: “Open immediately”, “Account will be blocked”
  • Poor grammar or unusual emojis
  • Links asking you to re-login to banking or payment apps
  • Requests for OTPs “for verification”
  • Messages received late night or early morning (common fraud window)

What to Do If You Clicked a Malicious Link

  1. Turn on airplane mode immediately
  2. Uninstall suspicious apps
  3. Run a full security scan
  4. Change passwords for:
    • Banking apps
    • Email
    • Social media
  5. Inform your bank/UPI provider
  6. Report the incident to:
    • Gujarat Police Cyber Crime
    • The National Cyber Crime Reporting Portal (cybercrime.gov.in)

Official Advice from Cybercrime Units

Authorities stress that festive seasons see a sharp rise in digital fraud, as users are more relaxed and trusting. Awareness and hesitation before clicking are the strongest defenses.

CyberDefender