A government employee in Maharashtra's Hingoli district recently fell victim to a sophisticated online scam involving a fake wedding invitation sent via WhatsApp, resulting in a loss of ₹1,90,000. This incident highlights the increasing prevalence of cybercriminals exploiting the wedding season to target unsuspecting individuals.

The scam begins with the victim receiving a WhatsApp message from an unknown number, inviting them to a wedding scheduled for August 30. The message, designed to appear legitimate, includes a seemingly harmless digital wedding card. In this particular case, the message read, "Welcome. Shadi mein zarur aye (Do come to the wedding). 30/08/2025. Love is the master key that opens the gate of happiness,". However, instead of a standard image or PDF file, the attachment is an Android Application Package (APK) file disguised as a wedding invitation.

APK files are commonly used to distribute and install applications on Android devices. Cybercriminals are using them to mask malware that, once downloaded and installed, grants them access to the victim's device. In the Hingoli case, as soon as the government employee clicked on the file, the cybercriminals were able to access sensitive data on the phone and steal ₹1,90,000.

This type of scam has come to light in the past year, with numerous individuals losing money after falling victim to similar ploys. Once the malware is installed, hackers can steal personal data, monitor device activity, and even control messaging functions. They can misuse the device to send fraudulent messages to contacts, request money, or even extort the victim financially. In some instances, the malware can even read One-Time Passwords (OTPs), allowing access to bank accounts and draining savings.

Authorities in several states, including Himachal Pradesh, Rajasthan, Uttar Pradesh, and Gujarat, have issued advisories warning the public against interacting with suspicious documents received via messaging apps. They recommend verifying the sender's identity, especially if the message comes from an unknown number. Experts advise against downloading files from untrusted sources and emphasize the security risks associated with APK files.

To protect against such scams, it's crucial to be cautious with unsolicited messages and attachments. Mohit Chawla, Deputy Inspector General with the Himachal Pradesh Cyber Crime Department, advises users to avoid clicking on files from unknown sources, especially those related to weddings or other events. He recommends always verifying the sender before opening any file.

If you happen to be a victim of such cyber fraud, it is important to report the incident immediately. You can report cyber fraud by dialing 1930, a national helpline for cybercrime, or by visiting the official government portal at cybercrime.gov.in to register a complaint.

The Ministry of Electronics and IT (MeitY), in collaboration with CyberDost, has also issued warnings about these scams, emphasizing the importance of public awareness. They encourage users to think twice before clicking on any unsolicited wedding invitations and to share screenshots of suspicious invitations on social media to help others stay vigilant. Staying informed and cautious are key to avoiding falling prey to these deceptive online scams.