Think before you click: A seemingly innocent WhatsApp wedding invite could be a scam

TNN / Updated: May 7, 2025, 15:17 IST

Text Size

Small
Medium
Large

Lucknow residents are falling prey to a new cyber scam involving wedding invitation links on WhatsApp. These links contain APK files that install spyware, granting criminals access to bank details, OTPs, and personal data. Victims have reported significant financial losses after clicking on these unverified links, highlighting the dangers of downloading files from unknown sources.

Think before you click: A seemingly innocent WhatsApp wedding invite could be a scam

Image used is for representational purposes only

LUCKNOW: Think twice before clicking on a wedding invitation link received on WhatsApp from an unknown number as it could cost you your entire bank balance. Cyber criminals are using a new tactic involving Android Application Package (APK) files disguised as wedding cards to hack into users' phones and steal sensitive data.In a recent case reported by Cyber Crime Cell in Lucknow, Ratnesh, resident of Jankipuram, fell victim to the scam.

Operation Sindoor

He received a wedding card link via WhatsApp from an unfamiliar number. Unaware of the peril, Ratnesh clicked on the link and moments later, received an alert of Rs 40,000 being debited from his bank account. It was only after the money was gone that he realised he had been duped.Two other similar cases were reported in the city, but the victims have not lodged FIR yet. According to in charge of the Cyber Crime Police Station, Brajesh Kumar Yadav, the APK file sent through wedding card link is actually a spyware application designed to operate on Android devices. "Once installed, it allows fraudsters to access everything — from bank details and OTPs to personal files and contacts," said Yadav.He added, "Spyware hijacks the phone's functions, including camera, microphone, GPS and messaging system. It can remotely extract information without the user's knowledge, leaving him with a functional phone silently under the control of cyber criminals. The scam also gives fraudsters access to photos and contact lists."

He said no matter how harmless a message appears, never download files or applications from unverified contacts. Former IPS and Cyber Expert, Triveni Singh, said "While APK files are not inherently dangerous, their safety depends largely on the source. APK files downloaded from the Google Play Store are generally secure due to the platform's stringent vetting process. However, files from unknown or untrusted sources can contain malicious code that can harm the device or compromise the user's data," said Singh.

End of Article