The Telangana Police has warned people to stay alert ahead of New Year celebrations after cybercriminals started spreading dangerous ‘greeting scams’ on WhatsApp and Telegram using festive messages to secretly take control of mobile phones and bank accounts.
As Hyderabad prepares to welcome 2026, the Telangana Cyber Security Bureau (TGCSB) says fraudsters are exploiting festive goodwill rather than fear or greed, making these attacks more difficult to detect.
What are “greeting scams”?
According to an NDTV report, users will receive a New Year message that appears to be from a trusted contact whose account has already been compromised. The message contains a link that claims to offer a “special personalized greeting”, “new year gift” or “SBI year-end reward”.
The link looks harmless but is designed to infect your phone.
What happens when you click the link?
Police say that once the link is opened, a malicious APK – or Android Package Kit – is silently installed on the phone. Instead of displaying a greeting, the malware gives hackers remote access to the device. Malware doesn’t just steal information. It effectively “hijacks” the phone, the report added.
How much control do hackers have?
Cyber experts warn that the malicious file allows hackers to read SMS messages, access photos, contacts and even activate the microphone. This allows them to bypass two-factor authentication used for banking and financial applications.
Attackers also take over the victim’s WhatsApp account and forward the same fraudulent link to family, friends and office groups, further spreading the infection.
Unlike traditional scams, these attacks rely on social engineering. Because the links come from known contacts and appear in trusted group chats, people don’t suspect foul play.
“People believe they are opening a greeting card, but they are actually handing over their bank account keys,” said Shikha Goel, who heads the bureau, according to NDTV.
What does the TGCSB advise citizens to do?
To stay safe during the festive season, TGCSB has issued the following guidelines:
- Never click on links: Do not open links sent as greetings, gifts or offers, even if they are from friends or family
- Block APK files: Don’t install apps sent via messaging platforms
- Enable 2FA: Turn on two-step verification on WhatsApp to prevent account theft
- Official Updates: Download apps and updates only from Google Play or Apple App Store
- Immediate disconnection: If you click on a suspicious link, turn off internet access, uninstall unknown apps and notify your bank immediately
Police have urged people to remain vigilant and verify messages before clicking, warning that a moment of festive excitement can lead to serious financial and personal loss.
