As online financial transactions became simpler and easier to conduct, the number of fraudulent transactions involving digital financial transactions also increased. Taking advantage of the increased sophistication of the fraudsters does not seem to be a problem. Cybercriminals, especially those inexperienced with financial transactions, have slowly begun using other platforms to dupe naive and gullible people after phishing and lottery scams.

Another way fraudulent activity is being carried out by fraudsters is by sending links via text messages to Kolkatans who are being targeted by them. The links on the website are the ones that notify users that a substantial amount has been credited into the accounts of these players. 

The police said that if one clicks on such a link to claim the money, the entire amount of funds may be transferred from the victim's account to the fraudsters' account and they will not even require them to share any OTP as part of the fraud. 

The UPI platform is used for several fraud types. Neither of these is a result of UPI problems but rather a consequence of deceptions by criminals. 

Analysts call it APK fraud as victims are tricked into downloading APK files that compromise their phones. This is done by clicking links sent by fraudulent parties to download APK files.  

An APK file download will result in an SMS-forwarding application being installed on the device and it will divert all incoming text messages to another number, so the victim isn't alerted when the money is debited from his or her account because the SMS will be forwarded to another number. According to an officer at the Lalbazar cyber cell, an SMS alert isn't received by the victim. 

There is a new method of gaining remote access to the phones of their victims that has become a weapon of choice for fraudsters. According to the officer, the scammers are claiming in their fake message to have received a large amount credited to their gaming account. 

It was reported by the Calcutta Telegraph that some Calcuttans who have been contacted had received messages saying: "Hi 9830xxxxx9 (mobile number of the recipient), The transaction of Rs 96793 has been completed to your (the name of the online gaming app). "

According to the police, victims of fraud never realize how they were cheated because they had never given their personal identification number to anyone else before being duped. 

According to a senior police officer, unlike other fraud attacks that are sent from random phones and do not address the recipient directly, the messages sent as part of the APK scam target specific individuals and are customized to them. 

There was a time when text messages were sent randomly, but that has changed. There is one thing though, the officer said, that makes it look authentic and trustworthy to be sending these messages to someone, and that is the phone number of the person to whom the message is addressed. 

In the immediate aftermath of clicking the link in the message, the recipient will see two attachments appear on his or her screen.

If the first attachment is clicked, a screen-sharing application will be silently installed on the phone and will allow fraudsters to gain direct access to the phone. A second attachment, if clicked, triggers the installation of an SMS forwarding product in the person's phone so that if fraudsters are using this software to carry out transactions on our bank account, the person will not receive any text messages from their bank, the officer explained.

According to Assistant Commissioner Atul V., their top priority area is creating awareness among their officers about the APK fraud, which has been a major problem for some time. 

Moreover, a cyber expert told that the APK fraud program is designed to make it difficult for the police to track down the fraudsters through the link in the message if a victim reports such a matter to the authorities. This is because the link in the message is active for a short period. 

Several people have been scammed in this way by sending text messages with spurious links. The sender then asks them to click on the link. A browser on the computer after a certain period will only be redirected to a popular search engine if you click on the link after that time. This means that the links remain active for only a few hours, if that long, then even the law-enforcement agencies will have no way to track the APK files or the transactions that have taken place after that explained a cyber expert in Kolkata.