Noida/Greater Noida West: A 23-year-old resident of Greater Noida West was allegedly defrauded of ₹1.90 lakh in a cyber-fraud incident reported in the Bisrakh police station area. The victim, Aditya Maheshwari, a resident of Defence Adela in Gaur City-2, had taken to social media platform X on November 19 to complain that his credit card application was pending and had not been issued by the bank. Shortly after the post went public, a scammer contacted him, misrepresenting himself as an employee of HSBC Bank, offering seemingly genuine assistance that later enabled the hacking of Maheshwari’s phone and unauthorized transfer of funds from his bank accounts.
Police officials have confirmed that a case has been registered under the IT Act against an unidentified accused, and further investigation is being conducted with support from the cyber cell. This incident has triggered renewed warnings from district authorities and law-enforcement agencies, who have observed an increase in digital fraud cases targeting individuals seeking redressal through social media, online grievance portals, and public platforms. Investigators believe the fraudster used social-media monitoring to identify the victim as a target, exploited his urgency regarding the credit card, and used psychological manipulation—including apologies and assurances of resolution—to build credibility.
Modus operandi exposes social-media monitoring risk; Jewar MLA and police urge citizens to avoid unverified email links
According to the police complaint submitted by the victim, Maheshwari had applied for a credit card through HSBC Bank months ago. However, when there was no progress on his application for an extended period, he shared details of the issue publicly on X, tagging the bank’s official handle in a grievance post. On November 29, Maheshwari received a phone call from an unknown mobile number. The caller identified himself as a bank representative from HSBC and even tendered a formal apology to Maheshwari, admitting to procedural delays and assuring quick resolution. Reassured by the tone of the conversation, Maheshwari allegedly shared his email ID with the caller after being told that a link would be sent for re-application and fast-track processing of the credit card.
Within seconds of Maheshwari clicking the link sent to him on email, his phone was allegedly hacked. The fraudster gained remote access to Maheshwari’s mobile device, bypassing authentication layers and initiating transactions directly through the victim’s saved financial applications. The scammer transferred ₹97,528 from one bank account and ₹96,329 from another, totaling ₹1.90 lakh. The victim soon received transaction alerts from the bank on SMS, after which he realized he had fallen into an online trap. Shocked, Maheshwari immediately reported the incident to the Bisrakh police station with a written complaint, seeking urgent legal action and account-freezing assistance. The complaint was forwarded to the cyber cell, which has launched digital tracing efforts to map the source of the malicious link, call origin, and transaction route.
Station House Officer (SHO) Manoj Kumar Singh confirmed that the case has been registered under the IT Act against an unidentified accused. He added that investigators are working closely with the cyber team to identify the suspect based on phone call records, email link metadata, IP investigation, and transfer routing analysis. The police have also reassured the victim that efforts are underway to initiate recall protocols, check for mule-account destination, and coordinate with relevant banks to track the final endpoints of the stolen funds.
Authorities have observed that cyber criminals are actively scanning public posts on platforms like X, Facebook, Instagram, and YouTube to identify individuals flagging issues related to banking, telecom, delivery apps, refunds, and government schemes. Officials warn that consumers unknowingly expose themselves to potential scams when sharing context-rich grievances publicly, which helps fraudsters understand their vulnerabilities, profile urgency, map financial behavior, and initiate targeted deception.
The district disaster-management wing, along with the Noida cyber cell, has renewed its appeal asking citizens to avoid clicking on unverified email links, unfamiliar messages, random WhatsApp URLs, or phone-prompted digital actions—even if the caller poses as a bank official. Officials say fraudulent operators increasingly rely on emotional engineering, scripted corporate-style language, and impersonation techniques that sound legitimate enough to trick even educated consumers. Police and civic bodies are also encouraging residents to verify bank communication only through official channels, helpline numbers, or authorized branch visits.
Investigation and safety guidelines issued
The police are now probing several possibilities, including the use of phishing malware, remote-access trojans, or device-mirroring kits embedded in the link sent to the victim. Experts involved in the investigation have stated that many phishing links are programmed to auto-deploy malware that extracts saved credentials, copies cookie sessions, mirrors apps, and enables instant transaction initiation from digital banking interfaces. Investigators are also verifying whether the funds were routed to multiple layered accounts before final destination, a pattern commonly used to evade detection.
The victim’s case highlights challenges in real-time digital database protection—particularly when personal phones remain the single point of authentication for banking apps, payment channels, autofill credentials, stored OTP permissions, and authorization alerts. Cyber officials have said that installation of anti-virus, removal of saved banking passwords, disabling notification permissions, and avoiding dual-account linking on a single device can minimize risk, but structural solutions must also involve stronger multi-factor authentication architecture.
Cautions repeated by administration
* Social-media grievances should avoid personal phone numbers, email IDs, or financial details.
* Banks never send OTS or re-application links from personal mobile numbers.
* Verification must only happen via official bank app or registered helpline.
* Any link sentencing urgent action must be treated as suspicious until verified.
* Malware deployment inside phishing links is now automated and instantaneous.
* Dual-banking accounts on one device increase single-point vulnerability of funds.
* Tight review, traceability, and public awareness are key to lowering seasonal fraud spikes.
