Sri Lanka Police are urging the public to be cautious about files being shared on WhatsApp and Telegram that look completely harmless but can quietly hand criminals full control of your phone and, ultimately, your money.
The scam works through what is known as an APK file, a type of installation package used on Android devices. These files are arriving in people’s inboxes dressed up as wedding invitations, electricity bills, or notifications saying they have won a prize. Someone opens what they think is a photo or a PDF, and without realising it, they have just installed malicious software on their device.
Once that software is running, it is not sitting idle. It can take over your screen, read your messages, and intercept the one-time passwords your bank sends you to verify transactions. By the time you notice something is wrong, a criminal may have already accessed your account.
What makes this particularly difficult to guard against is that these files sometimes appear to come from contacts you recognise. Scammers are aware that people lower their guard when a message looks like it is from a friend or a familiar name.
The police advice is straightforward. Do not open any APK file sent to you through a messaging app, regardless of who appears to have sent it. If you need to install an application on your phone, use the Google Play Store or the Apple App Store. These platforms have security checks in place that third-party sources simply do not.
It is also worth going into your phone settings and turning off the option that allows applications to be installed from unknown sources. On most Android phones this is listed under security settings. Turning it off means that even if someone does trick you into tapping a file, your phone will block the installation from going ahead.
If you believe you may have already opened one of these files, the priority is to act quickly. Contact your bank immediately to alert them and temporarily secure your accounts. Then report the incident to your nearest police station or to the Computer Crimes Investigation Division, which sits under the Criminal Investigation Department and handles exactly these kinds of cases.
Digital scams are becoming harder to spot precisely because they are designed to look like everyday things. A wedding invitation, a utility bill, a small prize. The best protection remains a simple habit: when something arrives unexpectedly on your phone asking you to open or download a file, pause before you tap.

