Key Points
- Wedding invitation scam surging during November 2025 wedding season across India
- Fake invitations contain .apk files disguised as PDF or image files
- Maharashtra government employee lost Rs 1.9 lakh, Gurugram resident lost Rs 97,000 in recent cases
- APK files install malware that steals OTPs, banking credentials, passwords, and personal data
- Scammers use emotional messages like “Please attend our wedding” and “family invitation”
- Malware can take complete control of phone, monitor activities, and make unauthorized transactions
- Files often named like “Tanu Weds Manu.apk” or similar authentic-sounding wedding names
- Victims include government employees, private sector workers across multiple Indian states
- Police have issued red alerts and registered cases at cybercrime cells nationwide
- Cyber helpline 1930 available for immediate complaint filing
India’s grand wedding season, which peaks in November and December, has become a lucrative hunting ground for cybercriminals who are exploiting the tradition of sending digital wedding invitations via WhatsApp. As families across the country exchange electronic invites to distant relatives and friends, fraudsters have weaponized this cultural practice into a sophisticated scam that has already cost victims lakhs of rupees.
The scam’s effectiveness lies in its emotional manipulation. Wedding invitations carry cultural significance and urgency, prompting recipients to open them immediately without scrutiny. Scammers craft messages with authentic-sounding phrases like “Welcome, please do come to the wedding” (Shadi mein zarur aye) and “Love is the master key that opens the gate of happiness,” making the invitations appear genuine and heartfelt.
Police departments across multiple Indian states have now issued red alerts warning citizens about this emerging threat during what should be a joyous celebration season.
How the Deadly APK File Attack Works
The scam begins when victims receive a WhatsApp message from an unknown number or, in some cases, a spoofed familiar contact. The message includes what appears to be a wedding invitation with a friendly, urgent tone, a personal invite format, and an attachment that looks like a PDF file or wedding card image.
However, the critical deception lies in the file extension. While the attachment displays a wedding card icon and may be named something innocuous like “Tanu Weds Manu.apk” or “Wedding Invitation.apk,” it is actually an Android Application Package (APK) file, not a PDF or image. APK files are executable programs that can install software on Android devices.
“On WhatsApp the attachment may look like an invite image; in reality the filename often ends with .apk or hides a malicious payload,” cybersecurity experts explained.
The moment a victim clicks on the file and approves its installation, the malicious application gains access to the phone. Once installed, the malware operates silently in the background, giving cybercriminals complete control over the device.
What Happens After the Malware Installation
Once the APK file executes on the victim’s phone, it deploys sophisticated malware that can perform multiple dangerous actions simultaneously. The malicious software intercepts OTPs (one-time passwords) sent via SMS for banking transactions, allowing criminals to authorize transfers without the victim’s knowledge.
The malware harvests login credentials for banking apps, UPI applications, email accounts, and social media platforms stored on the device. It can access photos, documents, and identity data for later fraud, blackmail, or identity theft.
In the most severe cases, the malware grants cybercriminals complete remote control of the phone. They can monitor the victim’s activities in real-time, make unauthorized transactions, and even use the compromised device to scam the victim’s contacts by pretending to be the phone owner and requesting money.
Some variants can lock the device and demand ransom payments to restore access, functioning as mobile ransomware.
Recent High-Profile Cases Across India
Several documented cases in recent months illustrate the devastating financial impact of this scam. In August 2025, a government employee from Maharashtra’s Hingoli district received a wedding invitation on WhatsApp from an unknown number inviting them to a wedding on August 30. The message read: “Welcome. Shadi mein zarur aye (Do come to the wedding). 30/08/2025. Love is the master key that opens the gate of happiness”.
Below the message was what appeared to be a PDF file of the wedding invitation. As soon as the victim clicked on the disguised APK file, cybercriminals accessed the phone’s data and stole Rs 1,90,000 (nearly Rs 2 lakh). A case was filed at Hingoli police station and the cyber cell department.
In a more recent October 2025 case, a resident of Vishnu Garden in Gurugram received a wedding invitation on WhatsApp from an unknown number on September 4. Curious about whose invite it was, he clicked on the link, unknowingly allowing his phone to be hacked. By the time he realized what had happened, three unauthorized transactions had been made, and cybercriminals had drained Rs 97,000 from his bank account.
The incident was reported to the Cyber Crime West police station in Gurugram, and an investigation is underway. Gurugram police have warned that cybercriminals are constantly inventing new ways to scam people, urging the public to remain vigilant.
Why This Scam Is Spreading So Rapidly
Cybersecurity experts have identified several factors contributing to the rapid proliferation of this scam during the 2025 wedding season. Wedding invitations are emotionally charged and culturally significant in India, causing people to open them immediately without careful examination. The social expectation of responding promptly to wedding invites creates psychological pressure that overrides caution.
Scammers design the fake wedding cards with professional authenticity, using genuine-looking templates, proper formatting, actual wedding-style language, and convincing design elements. Many victims assume the invitations are legitimate because they appear identical to real digital wedding cards.
The technical sophistication of disguising APK files as PDFs or images makes detection difficult for average users who may not check file extensions before opening attachments. On Android devices, the malware installation process can occur quickly before victims realize they’ve installed an application rather than viewed a document.
Additionally, taking advantage of the trust inherent in wedding invitations and family communications, fraudsters exploit emotional vulnerabilities that cause people to lower their guard. Thousands of people across India have already fallen victim to this scam.
The Email and RSVP Variant
While WhatsApp remains the primary delivery mechanism, a parallel version of this scam operates through email channels. Victims receive emails claiming to be from popular wedding websites or event planning services, containing links asking recipients to “RSVP” or “view details”.
Clicking these links redirects to fake webpages that request personal information including name, phone number, email address, and home address, which scammers harvest for identity theft and future fraud. Some sophisticated variants request credit card information under the guise of “confirming attendance” or “selecting meal preferences”.
These phishing pages are designed to look identical to legitimate wedding RSVP platforms, complete with authentic branding and professional layouts that fool even cautious users.
iPhone Users Not Immune
While APK files specifically target Android devices, iPhone users face related threats. Attackers use phishing links that prompt for Apple ID credentials, claiming users need to “sign in to view the invitation.” Compromised Apple IDs give criminals access to iCloud data, payment information, and personal content.
Another technique involves tricking iOS users into installing malicious configuration profiles that open backdoors allowing remote access and data exfiltration. These profiles grant extensive permissions that persist even after the initial webpage is closed.
Comprehensive Protection Strategies
Cybersecurity experts and law enforcement agencies have issued detailed guidance on protecting against wedding invitation scams. The most critical rule is to never open links, PDFs, APK files, or attachments from unknown numbers or suspicious contacts, regardless of how legitimate they appear.
Before opening any wedding invitation received digitally, verify its authenticity by calling the sender directly using a known phone number, not the number from which the invitation was sent. Ask specifically whether they sent you a wedding invitation, describe the file format, and confirm the wedding details.
Always check the file extension before opening any attachment. Legitimate wedding invitations are typically .jpg, .png, or .pdf files, never .apk files. If you see .apk, delete the message immediately without opening the file.
Install and maintain updated antivirus software on your smartphone with real-time scanning enabled. Keep your phone’s operating system and all applications updated with the latest security patches, as these often contain protections against newly discovered malware variants.
Enable Android’s built-in protection that blocks installation from unknown sources. Never disable this security setting, even if prompted by a seemingly legitimate installation request.
Critical Post-Compromise Actions
If you accidentally click on a suspicious wedding invitation link or install an unknown APK file, take immediate action to minimize damage. Immediately disconnect your phone from the internet by turning off Wi-Fi and mobile data to prevent the malware from communicating with the attacker’s command servers.
Change all critical passwords immediately, starting with internet banking, UPI apps, email accounts, and social media, using a different device if possible since your compromised phone cannot be trusted.
Contact your bank immediately to freeze your accounts and debit/credit cards. Monitor your account statements for unauthorized transactions and report any suspicious activity.
Install or run antivirus software to scan for and remove malware. If the infection appears severe, consider performing a factory reset of your phone, but back up essential data to cloud storage first if the phone appears stable enough.
Most importantly, file a complaint immediately with the national cyber helpline at 1930, which provides 24/7 assistance for cybercrime victims. Also report to your local cyber crime police station with all relevant details including screenshots, phone numbers, and transaction records.
Government and Law Enforcement Response
Police departments across India have launched awareness campaigns about the wedding invitation scam, particularly targeting the November-December wedding season when such fraud peaks. Cybercrime cells in Maharashtra, Haryana, Delhi, and other states have registered multiple cases against unknown perpetrators.
The Ministry of Electronics and Information Technology has issued advisories warning about APK file-based fraud disguised as government documents, wedding invites, electricity bills, and RTO challans, indicating the scam has evolved beyond just wedding invitations.
Law enforcement agencies are investigating the technical infrastructure used by these criminal networks, including tracing the origin of malware, identifying bank accounts receiving stolen funds, and tracking international connections that may be involved in these operations.
Broader Digital Safety Implications
The wedding invitation scam represents a concerning evolution in social engineering attacks that exploit cultural practices and emotional triggers. As India continues its rapid digital transformation, cybercriminals increasingly adapt traditional fraud techniques to digital platforms, preying on trust and familiarity.
Security experts warn that similar scams will likely emerge around other culturally significant events, including festival greetings, birthday invitations, baby announcement cards, and graduation ceremonies, any occasion where digital sharing is common and emotional engagement is high.
The incidents underscore the critical need for digital literacy education across all demographic segments, particularly for older users and those in smaller cities and towns who may be less familiar with cybersecurity risks. Financial institutions and technology companies also bear responsibility for implementing stronger protections and more effective fraud detection systems.
As wedding season continues through early 2026, authorities urge maximum vigilance. The simple rule remains: when in doubt about any digital invitation, verify before you click, because one moment of curiosity could cost you lakhs of rupees and months of recovery effort.
