A New Face of Cybercrime: Sophisticated, Personalized, and Dangerous

Cybercriminals in India are stepping up their game—moving beyond fake websites and phishing emails to sending pre-configured mobile phones with malicious apps. In one of the most shocking cases reported this year, a contractor in Hyderabad fell victim to a highly sophisticated cyber scam that cost him ₹77 lakh.

This case is not just about a scam—it’s a warning of how cybercrime is evolving into something more dangerous, harder to detect, and deeply personal.

---

The Scam: How It Happened

• The victim, a 44-year-old contractor from Madhapur (Hyderabad), was contacted by people posing as representatives of Citibank.
• They offered him a credit card with a ₹50 lakh limit, requiring just some formalities to be completed.
• As part of the “setup process,” the scammers sent him a free MI smartphone, pre-loaded with an app called “DoT Secure.”
• He was asked to insert his primary SIM card into the new phone, activate the app, and enable call forwarding for “verification purposes.”

�� The Catch: The app was not a legitimate telecom tool. It was malware, designed to silently intercept calls, SMS messages (especially OTPs), and access banking apps.

---

The Loss

• Within just 24 hours, the scammers had accessed his internet banking account and transferred ₹77 lakh to multiple beneficiary accounts.
• Because of call forwarding and SMS hijacking, the victim received no transaction alerts—realizing the fraud only after the money had been drained.
• He immediately reported the incident to the Cyber Crime Bureau.

✅ Partial Recovery: Authorities managed to recover ₹8 lakh, but the majority of the funds remain untraced.

---

Where Did the Scam Originate?

• The Cyberabad police traced the main suspect to West Bengal.
• The criminal had stopped using their SIM after the fraud and may have used dummy identities and burner accounts.
• Investigation is ongoing, with hopes of identifying other members of the cyber fraud ring.

---

Why This Scam is Different—and Dangerous

This case highlights an alarming new trend in cybercrime:

Old Scam Tactics	New Evolution
Phishing emails	Pre-installed malware on phones
Fake loan apps	Devices shipped to victims
SIM swapping via social engineering	Remote access via fake apps

The scam relied on a combination of social engineering, malicious software, and remote control—making it far more sophisticated than typical online frauds.

---

What Is “DoT Secure”?

Despite sounding official, “DoT Secure” is not authorized by the Department of Telecommunications. The app was likely designed to:

• Read messages and notifications
• Forward calls/SMS silently
• Access banking apps
• Send data to remote servers

⚠️ Pro Tip: Always check the legitimacy of apps claiming to be from government agencies before installing them.

---

How to Protect Yourself from Similar Attacks

✅ DOs:

• Verify any financial offers directly from the bank’s official website or app.
• Install apps only from the Google Play Store or Apple App Store.
• Use strong passwords and 2FA (two-factor authentication) for all financial accounts.
• Check your bank account regularly for unusual activity.

�� DON’Ts:

• Never insert your SIM card into a device received from an unknown source.
• Don’t install apps from third-party links, especially over WhatsApp or SMS.
• Avoid giving remote access to any support agents or unknown representatives.
• Never enable call forwarding unless you understand why and to whom it’s being directed.

---

Authorities Speak Out

Cybercrime officials warn that this type of attack is on the rise, particularly targeting:

• Business owners
• High-net-worth individuals
• Elderly or less tech-savvy users

Government agencies are planning new security regulations, including:

• Making pre-installed apps removable on new devices.
• Mandatory vetting of smartphone OS updates for hidden vulnerabilities.