“One Click, One Disaster: How WhatsApp ‘Wedding Invite’ Scams Are Emptying Bank Accounts”

Fake WhatsApp wedding invites are installing malware and draining bank accounts. Learn how the scam works, real cases, protection tips, and what to do if you’re targeted.


A seemingly harmless wedding invitation arriving on WhatsApp has turned into a fast-moving cyber-fraud vector across India and elsewhere. In recent months, dozens of victims — from salaried employees to government staff — have lost lakhs after opening what looked like a digital card. The scam exploits trust in personal messaging apps, uses disguised malicious files, and completes theft in minutes. 

A real case (short): the Hingoli incident

A government employee in Maharashtra’s Hingoli district reportedly lost nearly ₹1.9 lakh after opening a WhatsApp wedding invitation that concealed a malicious APK. The file gave attackers access to his phone and banking apps, allowing quick unauthorised transfers. News outlets and police advisories have used the incident to warn the public about a rising trend. 

How the “wedding invite” scam works — step by step

  1. Initial contact: Victim receives a WhatsApp message (often from an unknown or spoofed number) with a short invite message and an attachment or link claiming to be an invitation card (PDF/image).
  2. Malicious payload disguised: The attachment is actually an APK (Android install file) or a link to a fake viewer app that mimics a PDF/image viewer. It may be labelled to look harmless.
  3. User installs / opens: On Android devices (where APK sideloading is possible), the victim is persuaded to install the file to “open the card.” The malware gains permissions — screen recording, accessibility, or remote-control privileges.
  4. Account takeover & transfers: Attackers either observe OTPs, control banking apps via accessibility features, or manipulate transactions using social engineering to bypass authentication — resulting in unauthorised transfers.
  5. Cleanup: The malicious app may hide itself or uninstall evidence; victims discover the theft only after bank notifications or missing balances.

Why these scams work

  • Trust in personal messages: People are far more likely to open an invite or image sent on WhatsApp than an email from an unknown sender.
  • Familiar format: Wedding cards, PDFs and image attachments don’t trigger suspicion.
  • Device behaviours: Android’s ability to install APKs outside app stores is frequently abused. Many users don’t double-check app permissions.

Warning signs — stop and check

  • The message comes from an unknown number or an odd group message.
  • The file has an .apk extension, or the link asks you to install an app.
  • The sender pressures you to “install quickly” or provides urgent instructions.
  • Your phone asks for accessibility or device-admin permissions to “view” the file.

If any of these show up, don’t install or share the file. Instead, verify the invite with the person who allegedly sent it by calling them (not replying to the message).
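
The file name alone is not a reliable warning sign, because the payload described above is labelled to look like a PDF or image. The following added example (not from the original article; the function names and sample bytes are constructed for illustration) shows how a mail or chat gateway, or an analyst, could classify an attachment by its content and flag a disguised APK:

```python
import io
import zipfile

# Leading bytes of the formats a genuine invitation card would use.
CARD_MAGIC = {b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}
CARD_EXT = {"pdf": (".pdf",), "jpeg": (".jpg", ".jpeg"), "png": (".png",)}


def sniff(data: bytes) -> str:
    """Identify an attachment from its content, ignoring its file name."""
    stream = io.BytesIO(data)
    # Check for a ZIP container first: the ZIP index sits at the end of the
    # file, so an APK can carry a PDF or image header in front of it.
    if zipfile.is_zipfile(stream):
        try:
            with zipfile.ZipFile(stream) as archive:
                names = set(archive.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        # Every installable Android package carries a manifest at its root.
        return "apk" if "AndroidManifest.xml" in names else "zip"
    for magic, kind in CARD_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, data: bytes) -> str:
    """Return 'block', 'review' or 'consistent' for a received attachment."""
    kind = sniff(data)
    name = filename.lower().strip()
    if kind == "apk" or name.endswith(".apk"):
        return "block"        # installable package, whatever it is labelled
    if kind in CARD_EXT and name.endswith(CARD_EXT[kind]):
        return "consistent"   # label and content agree on a card format
    return "review"           # label and content disagree, or unrecognised


def make_sample_apk() -> bytes:
    """Constructed sample: a minimal ZIP with the entries an APK contains."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        archive.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("Wedding_Invitation.pdf", make_sample_apk()),
                        ("card.pdf", b"%PDF-1.7\n"), ("card.jpg", b"%PDF-1.7\n")]:
        print(label, "->", triage(label, blob))
```

A "consistent" result only means the label matches the content type; it is not a verdict that the file is safe.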

Immediate steps if you (or someone you know) clicked/opened the file

  1. Disconnect: Turn off Wi-Fi and mobile data immediately.
  2. Do not enter OTPs or banking details. If you have already done so, contact your bank immediately and block the card/accounts.
  3. Change passwords: From a clean device, change passwords for your email and financial logins.
  4. Report: File a complaint on the National Cyber Crime Portal and with local cybercrime police. Provide timestamps, phone numbers, and transaction details.
  5. Bank recourse: Ask the bank for a transaction reversal (chargeback) and request a fraud investigation. Keep all communication in writing.
  6. Forensic help: If large amounts were transferred, police and banks may need your phone for forensic analysis — cooperate and preserve logs/screenshots.

What law enforcement and banks are saying

Police cyber units in several states have warned the public about malicious APKs disguised as wedding invites and advised citizens not to install unknown apps or open suspicious files. Banks and financial education blogs have also published step-by-step guides on how to spot such scams and how to report them. 

Prevention checklist (practical)

  • Never install APKs received via WhatsApp or any messaging app unless you can confirm the sender and verify the file independently.
  • Disable “Install from unknown sources” on Android. Use official app stores only.
  • Enable UPI and banking app transaction alerts and set transaction limits where possible.
  • Use multi-factor authentication and biometric locks for banking apps.
  • Keep device OS and apps updated to benefit from security patches.
  • Back up important data and maintain screenshots of suspicious messages for reports.

A note on responsibility and community awareness

Digital wedding invites are convenient — but scammers exploit social practices and festivals. Families, event organisers, and wedding card vendors should educate guests about official digital card formats and avoid sending executable files. Platforms like WhatsApp could also strengthen warnings for APK attachments. Public awareness campaigns by banks and cyber cells help — but individual caution remains critical. 

Closing (call to action)

If you receive an unexpected digital invite: pause, verify, and never install unknown apps. If someone you know becomes a victim, report immediately. Early action increases the chances of recovery. Spread the word: one forwarded warning could prevent a large loss.

 
