How Fraudsters are Making their Way into your Group Chats and How you can Stay Safe from them

Our parents and grandparents might have told us stories about how they used telegrams as a way to communicate back in the day. One would have to fill out a form at the telegraph office and pay by the word count. The instant messaging of today was a far and unimaginable reality.

Messaging apps and the chat feature in payment apps are built to offer convenience in communication. Whether it’s for real-time personal or business messaging or discussing group expenses within a payments app, instant messaging has transformed the way we communicate. 

Fraudsters infiltrate messaging and payment apps to loot people of their money. In this blog, we elaborate on how this scam works and how you can stay safe from such fraudulent tricks.

How the Chat Scam works

Here’s how a typical scam via “Chat” and “Group” features of messaging and payment apps unfolds:

1. You receive a text message one-on-one chat or are added to a large group by a stranger.
2. The chat is filled with “get-rich-quick” schemes, betting tips, or exclusive “gambling app” rewards.
3. Scammers share a link, often disguised as a reward, cashback or a gaming links.
4. Clicking the link installs a sideloaded APK. Once installed, this app operates in the background to:
   • Forward OTPs: Intercept and forward your SMS/OTPs to the fraudster.
   • Access Documents: Steal photos of your Aadhaar, PAN, and other sensitive files.
5. Armed with your OTPs and identity documents, the fraudster bypasses bank security to drain your accounts and create Synthetic Identities (fake personas using your real data) to commit further crimes.

How to protect yourself from Group Chat Scams

Digital payments and apps are safe when used with caution. The majority of APK/Fake App-based frauds occur because we act in haste, without proper verification, due to either fear or excitement. Protecting ourselves from significant financial loss requires taking a moment to verify the app’s source, the developer’s email, the permissions requested, and the authenticity of any links.

Here are some quick tips to stay safe from cyber fraud:

• Never download or install apps via links sent in chats. These could be malware that could take over your sensitive information. Download apps only from Indus Appstore, Google Play Store or App Store.
• Be wary of groups or chats initiated by phone numbers that are not in your contact list.
• Periodically review which apps have permission to “Read SMS” or “Access Files” in your phone settings.
• No legitimate platform or bank official will ever ask you for an OTP over a chat or call.
• Use Fingerprint or Face ID locks for your payment apps to add an additional layer of defense against unauthorized access.

What to do if you’ve installed a Fake App

1. Uninstall the app immediately.
2. Temporarily turn off mobile data and Wi-Fi.
3. Change passwords for banking, email and payment apps.
4. Contact your bank/payment service provider to enable monitoring or freeze activity.

How to Report 

If you suspect you have been targeted by a scam, report it immediately:

Reporting on PhonePe:

• PhonePe Group Chat: If you suspect the group to be fraudulent, you can click on the “Exit” and “Report” option under group profile.
• PhonePe App: Go to the Help section and raise a complaint.
• PhonePe Customer Care: Call 80-68727374 / 022-68727374.
• Social Media Reporting:
  • Twitter: PhonePe Support
  • Facebook: PhonePe Official
• Grievance Redressal: File a complaint at PhonePe Grievance Portal.

Reporting to Authorities:

• Cyber Crime Cell: File a complaint online at Cyber Crime Portal or call 1930.
• Department of Telecommunications (DOT): Report suspicious messages, calls, or WhatsApp/Telegram fraud via the Chakshu facility on Sanchar Saathi Portal.

Important reminder — PhonePe never asks for confidential or personal details. Ignore all mails claiming to be from PhonePe if they are not from the phonepe.com domain. If you suspect fraud, please contact the authorities immediately.