Security Alert: New Year WhatsApp Scam Puts Bank Accounts at Risk
As the new year approaches, cybercriminals are once again taking advantage of the holiday atmosphere to target gullible Indian smartphone users. A new scam that purports to allow customers to make customized New Year’s greeting cards is reportedly making the rounds. Instead, it distributes a malicious APK file that can hack cellphones in order to steal personal data, result in financial losses, and jeopardize user privacy. The Hyderabad Cyber Crimes Unit’s alert notes that the bogus URLs are being extensively shared over social media, SMS, and WhatsApp.
How the New Year 2026 Scam Occurs
The alert claims that the New Year greeting scam is intended to take advantage of gullible individuals who merely wish friends and family a happy new year. In order to create a customized New Year’s greeting card with their name or images, users are usually prompted to tap a link in an SMS or WhatsApp message.
?? Scam Alert! Messages offering a “personalized” New Year card via links or .apk files can install malware. Don’t click, don’t download—report & block immediately. Stay alert this festive season! ?? #CyberSecurity #WhatsAppScam #1930 #cybercrimespshyderabad #onlinesafety… pic.twitter.com/Gc1jKjaPsF
— Cyber Crimes Unit Hyderabad (@CyberCrimeshyd) December 31, 2025
When a person clicks on the link, they are taken to a page where they are asked to download an APK file that has festive titles like Happy New Year.apk. Even though it can seem innocuous, installing the APK might include malware and grant threat actors access to private data kept on the device, transforming a straightforward attempt to send a New Year’s greeting into a financial and privacy risk with dire repercussions.
Cybercriminals can use this fraud to steal your banking and personal information, damage user privacy, infect your phone with malware, and even take control of the device, according to the Hyderabad Cyber Crimes Unit.
New Year 2026 Scam: How to Protect Yourself
To mitigate such scenarios, users are advised to:
- Avoid clicking on unknown links
- Never install APK files from messages or an unknown source
- Download apps only from official sources, like the Google Play Store
- Verify before trusting apps with their data
Users are advised to file a report online through the cybercrime.gov.in portal or call the national cybercrime helpline at 1930 if they believe they have come across or fallen victim to the New Year greeting scam. According to the cybercrimes unit, prompt reporting can help reduce financial losses and support investigations.
WhatsApp GhostPairing Attack
Security experts have also issued warnings in recent weeks on GhostPairing, another cyberattack. It is said to enable hackers to covertly take over WhatsApp accounts without attempting SIM-swapping or compromising passwords. According to sources, it uses WhatsApp’s device linking feature to deceive users into accepting a malicious device link.
Although either a QR code or a numeric pairing code is typically used for device connection, researchers believe that the latter is more prevalent.
Users typically start this by receiving a brief message from a contact that includes a link to a Facebook photo. When they click on it, it takes them to a fake Facebook login site where they are prompted for their phone number and other login information. A numerical code is purportedly displayed on the following screen, along with instructions on how to enter it on WhatsApp. Rather, the victim’s account is linked to the attacker’s browser.
