A disturbing cyber fraud tactic is spreading fast, using fear and urgency to trick people into unknowingly handing over control of their smartphones.
Cybercriminals have introduced a new “accident alert” scam that relies on panic rather than stolen credentials. Law enforcement agencies and cybersecurity experts say the fraud is gaining ground in rural and semi-urban areas, with victims losing large sums even though they did not share OTPs, UPI PINs, or banking details.
The scam begins with a phone call claiming that a close family member has met with a serious accident. The caller promises to send photos of the injured person on WhatsApp and then abruptly disconnects. Shortly after, the victim receives what appears to be an image file. Once the file is opened, malicious software is silently installed on the device.
In a recent case from Kheda district, a farmer received such a call late in the evening. Worried about the claim, he waited for the images. When the file arrived, he opened it and briefly saw a scanner-like interface instead of a photo. Suspecting foul play, he deleted the file and switched off his phone.
Despite this, the fraud had already taken place. Hours later, an ATM visit revealed that nearly ₹50,000 had been debited from his account. Bank records showed the amount was transferred online through a UPI-based transaction. The victim later filed a complaint with the cybercrime helpline and local police.
Experts say the scam uses remote access trojans hidden inside files disguised as images, usually in JPEG format. Once opened, the malware abuses accessibility permissions, allowing criminals to monitor activity in real time. This enables access to banking apps, notifications, and transactions without the user’s knowledge.
Unlike traditional scams that depend on stealing OTPs or passwords, this method works quietly in the background. Victims often realise the loss only when they check their balance or try to withdraw cash. By then, funds are routed through multiple mule accounts to avoid detection.
Investigators say emotional manipulation is key to the scam. Messages about accidents, hospitalisation, or emergencies are designed to override judgment and prompt quick action.
Officials warn that infected phones may remain compromised even after the first theft. Some victims have reported fresh debits days later, despite changing PINs or blocking cards.
Police have urged citizens not to open unsolicited files, especially after panic-inducing calls. Any emergency claim should be verified directly with family members. Users are also advised to keep devices updated, limit accessibility permissions, and report suspicious activity immediately to banks and the national cybercrime helpline.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
