A retired IT professional who has been creating awareness about cyber fraud threats for years was himself allegedly duped of around Rs 2.5 lakh by cybercriminals. “I was under tremendous stress that day due to a personal urgency, and the fraudsters targeted me in the exact timeframe when I was expecting a similar call,” explained the complainant, a Santacruz resident. “The balance in the account was a small amount, so I was not worried initially. But I realised later that the fraudsters had managed to get an instant loan issued on my account, duping me of a much larger amount,” he added.
The fraudsters used most of the defrauded amount to pay credit card bills. Representation Pic/iStock
“Most of the defrauded amount was used to pay credit card bills,” said a police officer. A cyber cop told mid-day, “Cyber fraudsters have become very advanced with the kind of consumer data they possess. The best practice to keep oneself secure from threats like these is to avoid responding to phishing links, calls from unverified numbers, and, most importantly, not installing .APK files from unreliable third-party sources. In case a person suspects a fraud has happened with them, they should immediately register a tele complaint on 1930 followed by a visit to the nearest police station.”
How fraud unfolded
According to the complainant, he had applied for a name change request for his electricity connection with Tata Power on April 3, 2026. Following this, he received an acknowledgement and was told by a company staffer that he would receive a confirmation call once the change was done. A SMS update notified him on April 6 that the change had taken effect. On April 14, a man identifying himself as a Tata Power official allegedly contacted the complainant over a WhatsApp call, asking for confirmation of e-KYC data, insisting that “this is a confirmation call to close the name change”.
G Vimal Kumar, cybercrime expert
The complainant believed the caller’s claims as the latter possessed exact information about his electricity connection, including the newly issued consumer number and address. The complainant stated that, being occupied with a stressful situation that day, he didn’t think it through and proceeded to install a .APK file on the instructions of the caller, only to receive debit messages from his bank.
Expert Speak
G Vimal Kumar, chief technology officer at Cyber Privilege, said, “We have consistently observed that most cyber fraud victims are not compromised due to technical weakness [a lack of technical knowledge] but due to avoidable exposure and misconfigured privacy settings. Attackers depend on unsolicited access to build trust, create urgency, and manipulate victims; By eliminating unknown interactions, users disrupt the attack lifecycle at its earliest stage.”
Case snapshot
Time of occurrence: 5.30 pm
Fraud amount: Around R2,50,000 (Bank account balance + instant loan facility)
Cause: Installation of a dubious .APK file
Tata Power’s advisory
Tata Power recently sent an SMS to its consumers, stating, “Alert: We never ask for KYC via SMS, WhatsApp, or calls. If you receive such messages, consider them fraud. Avoid clicking links or sharing details”
Details about the fraudster
Fake name and designation: Gajendra Singh Rao, Tata Power official
Phone numbers used- 82749*****, 82828*****
File name: TataPower.APK
(As per the complainant)
The expert recommends...
For WhatsApp: Silencing unknown callers, restricting messages from unknown accounts, limiting group additions to contacts only, and restricting last seen/profile photo to contacts only
Enabling two-step verification (2FA PIN): Adds a PIN layer beyond OTP, protecting against SIM swap or OTP compromise for WhatsApp account takeovers
Disabling link previews: Stops automatic loading of link previews, reducing metadata exposure and surveillance risks from malicious links
Enabling IP address protection in calls: Masks your IP during calls, preventing network tracking and location inference by potential fraudsters.
Important privacy settings
For WhatsApp:
Silencing unknown callers, restricting messages from unknown accounts, limiting group additions to contacts only, and restricting last seen/profile photo/about to contacts only
Enabling two-step verification (2FA PIN):
Adds a PIN layer beyond OTP, protecting against SIM swap or OTP compromise for WhatsApp account takeovers
Disabling link previews:
Stops automatic loading of link previews, reducing metadata exposure and surveillance risks from malicious links
Enabling IP address protection in calls:
Masks your IP during calls, preventing network tracking and location inference by fraudsters
April 14
Day crime occurred
0 Comments