As the festive season kicks off, cyber fraudsters are deploying a new tactic to target unsuspecting bank customers: fake reward point redemption links and cashback offers that appear to come from trusted financial institutions.
According to Bengaluru police, scammers are impersonating major banks via SMS, WhatsApp, and email, offering customers a chance to redeem unused card reward points or claim festive cashback. These messages often contain malicious APK files disguised as official banking apps. Once installed, they allow remote access to the victim’s device, enabling fraudsters to steal banking credentials, OTP codes, and siphon funds.
“People are more likely to respond to attractive offers during festivals. Fraudsters exploit this urgency to trick users into sharing sensitive data,” said a senior cybercrime officer.
In some cases, victims have lost several lakhs after clicking on fake links or downloading fraudulent apps. The scam is widespread across urban centers, with reports emerging from Bengaluru, Mumbai, and Hyderabad.
Authorities urge citizens to:
- Check reward point balances only via official bank websites or apps
- Never share OTP, CVV, ATM PIN, or account details
- Avoid clicking on links from unknown sources
- Report fraud immediately via the cyber helpline 1930