A new and alarming cyber fraud is targeting government employees across India, siphoning money from their bank accounts by luring them with promises of calculating their expected salary hike under the 8th Pay Commission (8th CPC).
As per an advisory issued by the Indian Cyber Crime Coordination Centre (I4C), a unit under the Ministry of Home Affairs, cyber fraudsters are spreading messages, mainly on WhatsApp, urging government employees to download an APK file to check their so-called ‘revised salary.’
What are APK files?
An APK file is an Android application package. Although it may appear to be a simple salary calculator or utility app, it actually contains malicious software. Once downloaded and installed, the malware can grant fraudsters remote access to the user’s mobile device, allowing them to monitor activity and potentially siphon off funds.
“Scammers are exploiting curiosity around the 8th Pay Commission by sending messages that promise a quick salary calculation. Once a person downloads the fake app, malware takes control of the phone, reads messages, captures OTPs and can even access linked bank accounts without the user realising it,” said Ekta Rai, Advocate, Delhi High Court.
Where to check 8th pay commission updates safely?
You can access all legitimate updates regarding the 8th Pay Commission through the newly launched official portal, 8cpc.gov.in, or verified.gov.in domains.
What people should keep in mind to avoid such scams
People should treat it as a basic rule never to open or install any file with an APK extension received on WhatsApp or social media. “All government personnel should maintain rigorous digital hygiene by strictly adhering to the ‘official-source-only’ rule for all service-related information. You must remember that no government department ever disseminates salary calculators, sensitive policy documents, or APK files via private messaging platforms like WhatsApp,” said B. Shravanth Shanker, Managing Partner, B. Shanker Advocates LLP.
Ensure your device settings have ‘Install from Unknown Sources’ disabled, as side-loading applications is a primary vector for financial compromise.
It is vital to never share One-Time Passwords (OTPs) or personal identifiers, regardless of the sender's purported official authority.
If you encounter a suspicious link or suffer a breach, report it immediately to the National Cyber Crime Reporting portal. Proactive procedural caution is your most effective legal safeguard against the rising tide of sophisticated cyber-extortion.
Fastag scam
Another case is related to FASTag, which has an even broader reach and exposes a larger number of people to potential fraud. “FASTag recharge, activation, or refund has recently become a scam trap. Scammers promote fake customer support numbers on Google and, in the name of activation or refund, make users download screen-sharing apps to gain access to their phones,” according to a recent I4C advisory.
NHAI has urged users to rely solely on official and verified platforms for any FASTag-related services. It has cautioned people against clicking on sponsored links or unknown advertisements, advising them to leave the page immediately if anything appears suspicious. The advisory further clarifies that the Rajmargyatra app is the only authorised platform for purchasing the annual pass.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
