Millions of people in India use WhatsApp daily. Taking advantage of this popularity, cybercriminals are constantly devising new methods to defraud people. In response to this threat, the Indian Computer Emergency Response Team (CERT-In), a subsidiary of the Government of India, has issued an important cybersecurity warning for WhatsApp users.
According to CERT-In, cybercriminals are attempting to install malware on people's mobile phones through fake files. Once activated, the malware can steal sensitive information stored on the mobile phone, such as banking details, passwords, OTPs, contact lists, and other personal data.
However, simply downloading a file doesn't always infect a phone. In most cases, the damage occurs when the user opens the file, clicks on a link, or installs a suspicious app.
🔷 Which three types of files has CERT-In asked to be cautious about?
1. Fake Invoice
Cybercriminals often send fake invoices pretending to be from a company, online shopping website, courier service, or government agency. The messages claim that your payment is pending or that an order is about to be delivered.
If the user opens the file or clicks on the link given in it without checking, he may get trapped by a phishing website or malware.
2. Fake Bank Statement
Many people are sent PDF or ZIP files on WhatsApp in the name of bank statement, KYC update or account verification.
The purpose of these files is to scare the user into opening the file quickly. Cybercriminals can then attempt to steal banking information, login details, or other sensitive data.
3. APK file
APK is the file for installing an Android app.
If someone you don't know sends you an APK over WhatsApp and asks you to install it, exercise extreme caution. Such APK files may contain malware, spyware, or banking Trojans that may attempt to gain control of your phone or steal data.
🔷 What is Malware?
Malware (Malicious Software) is harmful software designed to damage a device, steal data, or gain access to a system without permission.
It can be of different types, such as-
◆Trojan
◆Spyware
◆ Ransomware
◆Banking Malware
◆Keylogger
Their purpose is to steal the user's personal information or cause financial loss.
🔷 Follow these steps to stay safe on WhatsApp
◆Do not immediately open a file received from an unknown number.
◆Never install APK files without confirmation.
◆Verify messages from the official website or helpline for any messages from a bank, government department or company.
◆ Do not share OTP, PIN, CVV, UPI PIN or password with anyone.
◆Always keep your phone and apps updated to the latest updates.
◆ Download apps only from official sources like Google Play Store.
◆Keep Two-Step Verification enabled on WhatsApp.
◆Use reliable security features in your mobile.
🔷 What to do if you accidentally open a suspicious file?
If you suspect that you have opened a suspicious file or APK, immediately -
◆Turn off the Internet connection.
◆If you have an APK installed, try removing it.
◆Change all important passwords.
◆Notify your bank immediately if banking information has been shared.
◆Report cyber crime on the National Cyber Crime Portal.
◆If necessary, get the mobile checked by an expert.
WhatsApp is the most popular medium for communication today, but it's also being misused by cybercriminals. CERT-In's warning aims to raise awareness and alert people to be wary of fake invoices, fake bank statements, and suspicious APK files. A little vigilance can go a long way in protecting your personal information, bank accounts, and digital identity.
Remember: Always verify the authenticity of any unknown file, link, or app before trusting it. The primary responsibility for cybersecurity lies with the user themselves.
Disclaimer: This article is for general information and cyber security purposes only.
This article has been prepared for awareness purposes. The information provided is based on cyber security advisories issued by CERT-In, a government agency of the Government of India, and publicly available, reliable sources. Guidelines may change from time to time, so please confirm with the relevant organization or official source before acting on any suspicious message, file, or link. If you become a victim of cyber fraud, immediately contact your bank and file a complaint on the National Cyber Crime Portal.



Social Plugin