 "Another cyber fraud: Being cautious can prevent you from becoming a victim")
As customers become more cautious about fraudsters’ tricks, the latter are using newer methods to steal funds from bank accounts and mobile wallets. Recently, the Reserve Bank of India (RBI) sent a letter to banks outlining a new method fraudsters are using to commit frauds.
Scammers lure victims to download an app, which gives them access to the victim’s mobile phone. One of the popular apps among scammers for this is AnyDesk. But there are various other apps with similar functionality. Once installed, AnyDesk generates a nine-digit identifier, which the scammer asks the victim to share. Once the fraudster inserts this code on his device, he asks the victim to grant app-related permissions. Soon after this, the fraudster gets access to the victim’s device.
Once the scammer has access to the device, he uses various ways to carry out mobile or wallet transactions. “The fraudster can see exactly what’s happening on the screen of the victim’s phone. If the victim receives a one-time password (OTP), the scammer can see it. Similarly, if the victim opens his banking apps and enters the credentials, a fraudster can know the passwords,” says Jayant Saran, partner, Deloitte India. According to RBI’s communication, such fraudulent transactions are more prevalent on Unified Payment Interface (UPI).
Cybersecurity experts say that fraudsters are moving away from common methods such as calling individuals and tricking them into revealing OTPs. They are now making use of technology rather than relying completely on social engineering, which means using different tricks to manipulate a person into divulging confidential and personal information. But most such frauds still require some amount of social engineering as the device is still with the bank account or wallet owner. “These are usually large volume and low-value frauds where many individuals are duped for a small amount of a few thousands,” says Siddharth Vishwanath, cybersecurity leader, PwC India. More often the calls are made from mobile phones located in smaller towns, which makes it difficult to raid and recover the money.
If you fall victim to such frauds, the entire loss has to be borne by you. RBI has come up with consumer protection norms in case of unauthorised electronic banking transactions. It states that in cases where the loss is due to a customer’s negligence, where he has shared his payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank.
As such frauds require the individual to disclose specific details, being cautious can prevent you from becoming a victim. “Individuals should never disclose any details on calls made to them by any financial institution. It’s different when you call up the customer service,” says Saran. A person calling you may ask you to verify details. He or she may already have your card number and date of birth. Don’t confirm or deny any details even though the caller may have the right information. “It could be a fraudster verifying your details or seeking more information than what he already has,” says Saran.
Avoid downloading apps that the caller is suggesting. Sometimes, instead of making you download the app, the caller might send a link on a text message. Don’t click on such links. “Even when a person is downloading an app on his own, he should check the source or publisher of such apps and ensure that it’s from the right source. Usually, the publisher of the publisher of the banking app will be your bank,” says Siddharth Vishwanath.
He also adds that all banking customers and card users should subscribe to alerts. Most banks also allow setting a daily limit for transactions and also restrict the maximum amount that can be done in a single transaction. Make use of these features.
Outsmart fraudsters
- Don’t verify any information on incoming calls
- Set limits on digital banking transactions
- Subscribe to SMS and email alerts from banks
- Check publisher of the banking app before downloading it
- Don’t open attachments from unknown sources or click links in SMS or emails
- Avoid downloading apps being suggested by caller
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%