Shimla, May 19 — In one of the largest cyber frauds reported in Himachal Pradesh, scammers siphoned off over ₹11.55 crore from a customer’s bank account at the Himachal Pradesh State Co-operative Bank by hacking into his mobile phone and exploiting internet banking systems. The fraud, which originated from the bank’s Halti branch in Chamba district, was executed through multiple unauthorized NEFT and RTGS transactions.
Fraud Executed via Malicious App ‘HimPaisa’
According to reports by PTI, the scam was orchestrated between May 11 and May 12, but it remained undetected until May 14—partly due to the bank being closed for a holiday on May 13. The fraudsters tricked the bank customer into downloading a seemingly legitimate mobile application named HimPaisa. Once installed, the app granted remote access to the user’s device, including their banking credentials.
This unauthorized access allowed the hackers to breach the bank’s internet banking system and transfer funds from the customer’s account to 20 different beneficiary accounts using NEFT and RTGS methods.
Investigation and Emergency Measures
The scam came to light when the bank received its routine transaction report from the Reserve Bank of India (RBI). On discovering the fraudulent transactions, the bank’s Chief Information Security Officer (CISO) promptly filed a zero FIR at the Sadar police station in Shimla. The matter was escalated and is now under the purview of the Cyber Police Station.
Authorities swiftly moved to freeze all 20 accounts that received the transferred funds to prevent any further financial loss. Additionally, a specialized team from CERT-In (Indian Computer Emergency Response Team) is scheduled to arrive in Shimla to investigate the breach and assess vulnerabilities in the bank’s data infrastructure.
RBI Guidelines Reinforced Post Scam
In light of this incident, the RBI has reiterated important guidelines for the general public to prevent digital banking fraud:
Never share confidential banking information like login credentials, PINs, OTPs, or card numbers with anyone.
Avoid downloading apps from unofficial sources or clicking on suspicious links.
Refrain from installing applications that request unnecessary permissions or access to your phone.
Be cautious of UPI collect requests, which scammers often use to trick users into authorizing payments.
Always verify contact information through official websites or banking portals.
A Wake-Up Call for Digital Banking Security
This incident is a stark reminder of the growing risks in India’s digital banking ecosystem. With cybercriminals increasingly targeting vulnerable systems and uninformed users, both financial institutions and customers must prioritize cyber hygiene and robust digital safeguards.
The Himachal Pradesh Co-operative Bank is now conducting a full-scale internal audit of its cybersecurity protocols, while law enforcement agencies continue to trace the money trail and identify the individuals behind the scam.
Bhupendra Singh Chundawat is a seasoned technology journalist with over 22 years of experience in the media industry. He specializes in covering the global technology landscape, with a deep focus on manufacturing trends and the geopolitical impact on tech companies. Currently serving as the Editor at Udaipur Kiran, his insights are shaped by decades of hands-on reporting and editorial leadership in the fast-evolving world of technology.
