According to the lawsuit, the judge was attempting to use reward points accrued on a credit card on February 28. After being unable to get through to the bank’s official customer service line, she looked online and found another number that appeared to be connected to the credit card department.
When she called the number, someone pretending to be a bank official gave her an 18-MB file via WhatsApp, saying it was necessary to complete in order for her to redeem the reward points. However, the file could not be opened on her iPhone. The fraudster then suggested that she access it using an Android device.
The caller recommended putting the SIM card into an Android phone and downloading the file there when the judge’s iPhone was unable to view the file. Following this, the judge entered credit card information on a form connected to the file and soon received email alerts indicating multiple transactions. Within minutes, multiple transactions totalling ₹6.02 lakh were deducted from the credit card.
Upon discovering the scam, the judge promptly ceased the card and notified the National Cyber Crime Reporting Portal (NCCRP) and the cyber hotline of the incident. She also filed a formal complaint at the Cuffe Parade police station in Mumbai.
Bombay High Court judge duped of ₹6 lakh in online credit card reward points scam
Read here: https://t.co/fcr85xAmOh pic.twitter.com/bauSFiIyu2— Bar and Bench (@barandbench) March 7, 2026
How Reward Points Scams Typically Work
Phishing/Smishing: Users get messages saying they have earned reward points that are about to expire.
Fake customer service numbers: Online fraudsters post or advertise fake bank helpline numbers. Unknowingly, victims who are looking for help call these numbers.
Posing as a bank official: Scammers pose as representatives of the bank’s credit card or rewards department and offer help in redeeming points or cashback.
Malicious app or file: Often posing as legitimate banking apps or forms, victims receive links or APK files via WhatsApp or SMS. Installing them can lead users to phishing pages or grant criminals access to the device.
Data theft: Sensitive information, such as credit card numbers, CVVs, expiration dates, and OTPs, is requested from victims.
Quick transactions: Fraudsters use these details to swiftly complete multiple online transactions before the victim becomes aware of the breach.
Preventive Measures
Avoid clicking on unsolicited links that promise cashback or reward points.
Refraining from disclosing passwords, OTPs, card information, or sensitive information to anybody.
Avoid installing any APK files that you received via WhatsApp.
Checking and redeeming reward points only through official bank websites or customer care representatives.
