As celebrations for New Year 2026 draw near, authorities have warned that not all festive messages are innocent. Cybercriminals are exploiting WhatsApp and Telegram to send links masquerading as greetings, digital gifts, or year-end rewards. Instead of festive cheer, these links can secretly install malware on a phone, giving hackers access to sensitive data.

The Telangana Cyber Security Bureau (TGCSB) and Hyderabad police have highlighted that these scams often rely on trust rather than fear. Messages may appear to come from friends or family, making users less cautious. “People believe they are opening a greeting card, but in reality, they are handing over the keys to their bank account,” TGCSB chief Shikha Goel said.

Here’s how the scam works: the victim receives a message promising a greeting, gift, or reward. Clicking the link may redirect to a fake website or prompt an app download. The installed malware can collect personal information, read incoming OTPs, access banking apps, and even take over WhatsApp accounts. In some cases, it forwards itself automatically to the victim’s contacts, spreading the scam rapidly.

Authorities have listed signs of a potential scam: unknown links or attachments, requests to download apps, messages urging urgent action, promises of gifts or rewards, requests for personal information, spelling mistakes, unusual formatting, or repeated forwarding in groups. Messages that seem out of character from familiar contacts should also raise suspicion.

Stay Safe: Avoid Suspicious Links and Enable WhatsApp Security

To protect themselves, users are advised not to click on suspicious links, even from trusted contacts. Verifying unusual messages via a separate call or text is recommended. Enabling two-step verification on WhatsApp, only installing apps from official stores, and avoiding sharing banking details or OTPs are crucial preventive steps. Users can also check for suspicious call forwarding by dialing *#21# and disable unknown numbers with ##002#.

If someone inadvertently clicks a malicious link, experts advise acting quickly: disconnect the device from the internet, uninstall unknown apps, notify the bank, and report the incident to authorities through the cybercrime helpline 1930 or the national reporting portal. Acting fast during the “golden hour” can help limit financial losses.

Authorities have stressed that the festive period is a prime target for cybercriminals because people are more likely to trust messages during celebrations. “Staying alert online is just as important as celebrating offline,” said officials, urging everyone to enjoy the New Year while remaining digitally cautious.