A new digital fraud is spreading rapidly these days: the smartphone shutdown scam. It sounds strange, but several cases reported across the country involve data theft, location tracking, and even access to calls and messages from phones that appeared to be turned off. Interestingly, this plot was also featured in the latest season of 'The Family Man'.
This scam is particularly alarming because it undermines our basic understanding of mobile device security. Generally, if the phone is off, we assume it's safe. However, the reality is far more frightening.
Phone Off... But How Is It Really On?
In modern smartphones, a normal 'shutdown' doesn't mean everything inside is powered down. Some chips and systems continue to operate in 'low-power mode', for example network modules, security lines of local chipsets, and several background signal processors. This loophole has become a golden opportunity for scammers.
Fraudsters use malware to fake the shutdown screen of a phone. Users believe their phone has turned off, yet the system remains fully operational inside. The screen is blacked out to make the phone appear 'dead', but the camera, microphone, network, and location services remain active in the background.
How Is the Scam Set Up?
In most cases, malware enters a phone through three main sources: fake delivery messages, quick loan apps, or APKs sent under the guise of ERP/banking documents. Once installed, the malware gains system-level access.
What Can Criminals Do With an 'Off' Phone?
After a fake shutdown, the phone can still perform tasks akin to spyware: tracking location, reading banking OTPs, opening WhatsApp sessions, recording calls, and even turning on the camera.
Users assume the phone is off and so stay unconcerned. Under this false sense of security, fraudsters map your entire digital footprint and launch attacks on your accounts at the right time. In some cases, the phone appeared off but kept sending signals.
In recent cases, technical analysis revealed that the victim’s phone appeared off, yet was constantly transmitting signals to mobile towers. This indicated that the phone was internally active.
Forensic teams discovered through log checks that malware, hidden at the SDK level, had hijacked the shutdown process.
Using this trick, gangs can monitor people's movements. Some reports indicated that victims' switched-off phones provided location updates in BSS logs, which is technically possible only when the radio module is active.
Why Can’t Users Detect This Scam?
Because everything operates silently. The phone neither vibrates nor turns the screen on, and battery drain is minimal. The system is merely commanded to keep the screen off and pretend the phone is shutting down.
The cleverest part is that the phone, still fully operational, periodically pings the network, so scammers can track where the user is at all times. The victim believes the phone is off, and that belief leads to the greatest loss.
When Does This Scam Turn So Powerful?
It gains full force when malware acquires accessibility and device admin permissions. These are the same permissions some malicious apps request to read OTPs, record screens, and penetrate the phone's deep systems. Fake shutdown isn’t magic; it's a blatant abuse of permissions. If an app gains system-level control, it can override the real shutdown and display a fake one.
What Should You Do?
First and foremost, understand that a phone is fully off only when:
Apps haven’t received system-level permissions.
No malware is present on the phone.
The signal is actually cut when you press shutdown.
Maintaining a clean app environment helps prevent unauthorized system-level access.
Avoid suspicious APKs or loan/delivery links. Do not grant accessibility permissions to every app. Think carefully before making any app a device admin.
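
One way to check which user-installed apps hold the accessibility or device admin privileges discussed above, as an added example that is not part of the original article. It parses constructed sample output of three adb commands; the package names are hypothetical, and the dumpsys layout is an assumption that varies across Android versions.

```python
import re

# Constructed sample outputs (not from a real device). On a phone they would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys device_policy   (layout assumed; it varies by Android version)
#   adb shell pm list packages -3     (user-installed packages)
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.quickloan/com.example.quickloan.HelperService")
SAMPLE_DPM = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10123
    com.example.quickloan/.AdminReceiver:
      uid=10257
"""
SAMPLE_THIRD_PARTY = "package:com.example.quickloan\npackage:org.example.notes\n"

def accessibility_packages(setting):
    """Package names from the colon-separated enabled_accessibility_services value."""
    value = setting.strip()
    if value in ("", "null"):          # 'null' is printed when the setting is unset
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def device_admin_packages(dumpsys):
    """Package names from indented 'pkg/Receiver:' component lines in the dump."""
    return set(re.findall(r"^[ \t]+([\w.]+)/[\w.$]+:[ \t]*$", dumpsys, re.MULTILINE))

def third_party_packages(pm_output):
    """Package names from 'package:<name>' lines."""
    return {l.split(":", 1)[1].strip() for l in pm_output.splitlines() if l.startswith("package:")}

def audit(a11y, dpm, pm_output):
    """Return {package: privileges} for user-installed apps holding either privilege."""
    user_apps = third_party_packages(pm_output)
    findings = {}
    for label, pkgs in (("accessibility", accessibility_packages(a11y)),
                        ("device_admin", device_admin_packages(dpm))):
        for pkg in pkgs & user_apps:   # preinstalled system apps are not flagged
            findings.setdefault(pkg, []).append(label)
    return {pkg: sorted(privs) for pkg, privs in findings.items()}

if __name__ == "__main__":
    for pkg, privs in sorted(audit(SAMPLE_A11Y, SAMPLE_DPM, SAMPLE_THIRD_PARTY).items()):
        print(f"REVIEW {pkg}: {', '.join(privs)}")
```

An app flagged here is not necessarily malicious; the list is a starting point for deciding which privileges to revoke.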