The wedding season in India has become a lucrative opportunity for cybercriminals, who are now exploiting the festive spirit with a new scam: Fake wedding invitations disguised as malicious files shared on WhatsApp.
According to a report published in Business Standard, an estimated 4.8 million couples are expected to wed before the end of the year, making it a prime time for scammers to exploit emotions and drain unsuspecting victims of their money.
"This wedding season, scammers are sending malicious APKs on WhatsApp, disguised as wedding invitations. Once opened, malware installs on your device, compromising your bank account," Telangana State Cyber Security Bureau warned on X (formerly Twitter).
How does the scam operate?
Explaining the modus operandi, Vikram Babbar, Partner at EY Forensic & Integrity Services - Financial Services, said, "A PDF document, often from an unknown number but with a familiar name, is forwarded on WhatsApp. When the victim opens it, the 'apk' file installs malware on their phone. This malware gains unauthorised access to sensitive data like banking apps, OTPs, and account details. Fraudsters then use this information for illicit money transfers."
Babbar added, "These scams are more common among Android users compared to those on iOS."
More From This Section
Cases reported across states
A recent case in Rajasthan highlighted the impact of this scam. A victim lost Rs 4.5 lakh after opening a fake wedding card PDF. The malware accessed the victim's bank account details, allowing cybercriminals to steal funds.
Warnings have been issued by police in Himachal Pradesh, Rajasthan, Uttar Pradesh, Telangana, and Gujarat about the growing prevalence of these scams.
Cybersecurity experts advise the public to adopt precautionary measures:
Verify invitations: Confirm with the sender or the couple directly if you receive an unexpected digital wedding invitation.
Avoid suspicious links: Do not click on unfamiliar links or download attachments from unknown sources.
Use separate payment accounts: Abhishek Saxena, Co-founder of Omnicard, recommended using digital wallets linked to secondary accounts for daily transactions. "This minimises the risk to your primary savings account," he said.
Spread awareness: Share information about such scams within your community to help others remain vigilant.
"If someone has been scammed, they should immediately report unauthorised transactions to their bank or credit card provider to prevent further misuse," said Dhiraj Gupta, Co-founder and CTO of mFilterIt. He also advised updating all passwords linked to financial and email accounts.
Rising financial losses due to cyber scams
Fake wedding card scams are just one facet of a broader issue. Babbar noted that "over Rs 1,750 crore was lost to online scams in the first four months of 2024, with fake wedding card scams on the rise in states like Maharashtra, Rajasthan, and Gujarat."
UPI-related frauds have also surged. "Rs 485 crore has already been lost to UPI frauds in the first half of the financial year 2024-25, involving 632,000 incidents. Since 2022-23, these frauds have caused losses of Rs 2,145 crore in over 2.7 million cases," said Saxena.
Collaborative efforts to combat fraud
Gupta suggested measures to combat such scams, including:
< Financial institutions and government agencies organising awareness campaigns.
< Collaboration between banks, tech companies, and regulators to share resources and data.
Regulatory bodies, including the Reserve Bank of India, continue to issue advisories to help individuals stay vigilant against emerging threats in an increasingly digital world.