Cyber Fraud Alert: Loan Rejected but ₹12 Lakh Credited to Account, Thieves Steal ₹9 Lakh Using New Scam Tactic

In a shocking case of cyber fraud from Hyderabad, a man applied for a bank loan but was rejected. However, just days later, he received a message claiming ₹12 lakh had been credited to his bank account. What seemed like a stroke of fortune turned out to be an elaborate cyber scam, resulting in the theft of ₹9 lakh from his account.

How the Scam Worked

According to a report by TOI, a 40-year-old man from Hyderabad applied for a loan, but the bank rejected his application. Shortly after, he received a message stating that ₹12 lakh had been credited to his account. Trusting the message, the victim inadvertently downloaded a malicious APK file sent by fraudsters posing as bank representatives.

Once the APK was installed on his phone, the cybercriminals gained remote access to his device. They exploited this access to add four new beneficiaries to his bank account without his knowledge. Within hours, the fraudsters transferred ₹9 lakh from his account, leaving the victim in shock.

Interestingly, the ₹12 lakh never actually reached his bank account. Instead, it was a ploy to grab his attention and trick him into installing the malware, providing the scammers a backdoor to his personal information.

Why Do Scammers Fake Incoming Credits?

When a loan application is rejected, account holders rarely expect any further updates from the bank. Fraudsters now exploit this trust by sending fake SMS alerts that mimic official bank messages. These fraudulent alerts create a false sense of urgency or luck, prompting victims to engage, often by downloading apps or sharing sensitive data like OTPs and passwords.

In this Hyderabad case, authorities believe the APK installation was the key step that allowed the fraudsters full access to the victim’s account and personal data.

The Evolving Tactics of Cyber Thieves

Modern cybercriminals have become more sophisticated than ever. Instead of brute-force hacking, they now use social engineering techniques to extract sensitive information from victims. Fraudsters typically use phone calls, SMS, or phishing emails to deceive account holders into revealing OTPs, passwords, or installing harmful apps.

Many such fraudulent transactions happen on weekends when banks are closed, delaying the victim’s ability to report the crime or block further transactions.

How to Protect Yourself from Such Scams

Experts advise the following safety measures to safeguard against cyber fraud:

• Never share OTPs, passwords, or sensitive data in response to calls or messages claiming to be from banks.

• Install trusted antivirus software on smartphones and computers.

• In case of any unexpected credit in your account, contact your bank immediately for verification.

• Use strong, unique passwords for internet banking and update them regularly.

• Always use official banking apps or websites for transactions.

• Be cautious of any APK or unknown app download requests sent via SMS or email.

What to Do If You Fall Victim

If you suspect your account has been compromised, take these immediate actions:

1. Contact your bank to report the unauthorized transaction.

2. File an FIR at the nearest police station.

3. Approach the cybercrime cell for specialized support.

4. Carefully review your account transaction history to identify any other suspicious activities.

Often, banks can reverse a portion of the fraudulent transactions, but timely action is critical to improving the chances of recovery.