Authorities in Hyderabad and the Telangana Cyber Security Bureau have issued a timely warning about a surge in malicious New Year greetings circulating on WhatsApp, Facebook and Instagram. The messages often appear as personalised cards or animated gifts and may arrive with prompts such as ‘see your greeting’ or ‘claim a gift’. At first glance they seem harmless, but tapping the link or animation can trigger the installation of malicious Android packages that run spyware in the background.
According to officials, the scam is designed to appear genuine and can even be forwarded from a compromised contact, increasing its credibility. Once the malicious APK is installed, it can harvest a range of sensitive data from the device, including one-time passwords, SMS messages, photo galleries and banking details. In extreme cases, attackers can use the compromised account to propagate the same link to office groups, family members and friends, amplifying the threat.
Cybersecurity experts note that these campaigns are increasingly sophisticated and difficult to spot. Criminals use social engineering techniques to create urgency and curiosity around festive greetings, relying on users’ lowered guard during holiday seasons to increase click-through rates. The immediate risks extend beyond data theft: a compromised device can lead to financial fraud, identity theft and reputational damage if attackers use the account to impersonate the victim.
Practical precautions can greatly reduce the chance of falling victim. First, treat unsolicited links or animations with suspicion, even when they appear to come from known contacts. If a message seems out of character for the sender—unexpected attachments, unusual wording or requests to open a link—confirm with the sender by a separate call or message before interacting.
Second, avoid installing applications from unknown sources. Android devices prompt users when an installation originates outside the Google Play Store; decline such prompts unless you are certain of the app’s origin. Keep your device operating system and apps up to date, and install a reputable mobile security app that can detect and block malicious software.
If you have already clicked a suspicious link or noticed unfamiliar apps, take immediate action. Disconnect the device from the internet by switching off Wi‑Fi and mobile data, uninstall any unfamiliar applications, and run a full security scan. Change passwords for important accounts from a secure device and enable two-factor authentication where available. Notify contacts if your account may have been used to send malicious links so they can avoid opening them.
Organisations and employers should remind staff not to open unsolicited links on workplace devices and consider enforcing mobile security policies. Regular awareness campaigns, phishing simulations and strict controls on app installation can help limit the spread of such threats during high-risk periods like the New Year season.
Public safety notices such as the one from Telangana serve as a useful reminder that cybercriminals exploit festive occasions to increase their reach. A cautious approach—verify before you click, limit installations to trusted sources and act quickly if you suspect a compromise—remains the best defence against data-stealing scams circulating on social media and messaging apps.
Key Takeaways:
- Hyderabad and Telangana Cyber Security Bureau warn of a New Year greeting scam spreading via WhatsApp, Facebook and Instagram.
- Malicious links or animations install APKs that run spyware, risking OTPs, photos and banking information.
- Do not click unsolicited ‘see your greeting’ or ‘claim a gift’ links even if they appear to come from contacts; disconnect and remove unknown apps if infected.