In an era where a simple emoji or a festive GIF is the standard way to ring in the New Year, the Telangana Cyber Security Bureau (TGCSB) has issued a chilling reminder: that heart-warming greeting from a "friend" might actually be a digital Trojan Horse.
As the city gears up for 2026 celebrations, a sophisticated wave of "Greeting Scams" is sweeping through WhatsApp and Telegram. Unlike traditional scams that rely on greed or fear, these attacks exploit something far more dangerous—, festive trust.
A TGCSB advisory highlights a terrifyingly simple mechanism. Users receive a message, often from a trusted contact whose own account has already been compromised, with a link promising a "special personalised greeting", a "New Year gift" or an "SBI year-end reward".
The moment a user clicks, the trap is sprung. Instead of a festive animation, the link triggers the silent installation of a malicious APKor Android Package Kit file. Once this malware nests in your phone, it doesn't just steal data; it effectively "kidnaps" your device.
According to cyber experts, these malicious files grant hackers near-total control over the victim's digital life.
The malware can read incoming SMS messages, allowing hackers to bypass two-factor authentication for bank transfers.
The hackers take over the victim's WhatsApp account to forward the same malicious link to everyone in their contact list, continuing the cycle of infection.
Your photo gallery, contacts, and even your microphone can be accessed remotely, leading to potential extortion or identity theft.
The most effective part of this scam is its social engineering. Because these links are forwarded within family groups and office chats, the usual "stranger danger" alarm bells don't go off.
"People believe they are opening a greeting card, but in reality, they are handing over the keys to their bank account," Shikha Goel who heads the Bureau has said.
How to stay safe: The TGCSB Protocol
To ensure your New Year starts on a high note rather than a legal one, the TGCSB urges citizens to follow these pointers:-
- Never click on links: Avoid all unknown links in greetings, gifts, or offers, even from friends.
- Block apk files: Do not install any applications sent privately through messaging apps.
- Enable 2fa: Turn on two-step verification on whatsapp to prevent account hijacking.
- Update officially: Only download updates or apps from the official google play store or apple app store.
- Disconnect immediately: if you click a link, turn off the internet, uninstall suspicious apps, and notify your bank
Reporting Cybercrime
If you or someone you know falls victim to such a fraud, the TGCSB emphasises the "Golden Hour" rule, reporting within the first hour of a transaction increases the chances of freezing the funds.
Dial 1930 immediately And Register complaints at www.cybercrime.gov.in.
Stay vigilant, stay secure, and let your New Year's resolutions include better digital hygiene.
Track Latest News Live on NDTV.com and get news updates from India and around the world
