Retired Army Colonel in Noida Loses ₹28.87 Lakh in Sophisticated Cyber Fraud

A retired Army Colonel from Noida has fallen prey to a highly sophisticated cyber fraud involving a malicious mobile app and SIM cloning. The scammers managed to withdraw ₹28.87 lakh from his bank accounts through 13 unauthorised transactions — including seven IMPS transfers — all without any OTP reaching his phone.

The victim, Colonel (retd.) Gopal Canal, who lives in Sector 28, received a call on November 7 from a man posing as an executive of Indraprastha Gas Limited (IGL). The caller claimed that the Colonel's gas connection needed renewal and sent him an APK file on WhatsApp, asking him to install it to complete the process.

Believing it to be genuine, he installed the file. For the next two days, nothing unusual happened — no suspicious calls or messages — giving a false sense of security.

However, on November 10, his phone suddenly buzzed with 13 bank transaction alerts, including multiple IMPS transfers. To his shock, Canal realised he had not received a single OTP for any of the transactions, even though IMPS transfers require verification.

Fraudsters also used his credit card and maxed out the available limit. By the time he checked his banking apps and messages, a total of ₹28.87 lakh had already been wiped out.

How the Fraud Happened

Cyber experts examining the case revealed that the APK file contained spyware that granted the scammers complete access to the victim’s phone. Once installed, the malware enabled the fraudsters to:

• Gain administrative control of the device

• Clone the SIM linked to the victim’s bank accounts

• Redirect all SMS alerts and OTPs to their own device

• Block incoming messages from showing on the victim’s phone

• Access internet banking, credit cards and linked financial services

With total control over the victim’s phone and SIM, the criminals bypassed every OTP-based security layer and carried out high-value transactions with ease.

Investigators noted that the fraudsters even attempted more transactions after exhausting the credit and debit card limits, suggesting a deep breach of both the mobile network and banking communication channels.

Investigation Underway

Realising he had been duped, Colonel Canal immediately informed his bank and the Cyber Cell. His accounts were frozen to prevent further loss. A case has been registered under relevant sections of the IPC and the IT Act.

The Cyber Cell is now working to trace the perpetrators, their digital footprints and the servers used to execute the attack.

Authorities have once again urged the public not to download APK files or click links sent by unknown callers, even if they appear official.