Smartphones are such a boon. We can stay connected, shop online, click pictures and even manage money with their help. But if we’re not careful, they can be a bane as well. Case in point, this incident of UPI App fraud that is seriously worrying.
Mohan Lal, a 30-year-old SBI customer, is a resident of Noida. He lodged a complaint with the police alleging that INR 6.80 Lacs had been wiped out from his savings account. The victim complained that he did not receive any notification or message regarding the digital transactions. He belatedly found out when he went to an ATM to withdraw cash. On enquiring with his bank branch, he found a total of 7 transactions carried out via UPI App. Interestingly, he does not even own a smartphone. The police have referred the case to the Cyber Cell as its likely that he was defrauded by hackers.
Smartphones are required for UPI Apps BUT not for access to UPI profiles
Dialling *99# gives access to UPI profile from any mobile phone. If a scamster wants to steal money, all he needs to do is misuse the bank registered mobile number.
So, how could this have happened? Modus Operandi of hackers explained.
In a Times of India report, an official from the Cyber Crime Cell explained how this type of fraud is committed.
“Hackers can get a duplicate SIM from a mobile store by blocking the original one. Once they have the new connection, they can download the UPI app on a cell phone and then register the bank account details with it to illegally transfer money. They can also clone the SIM card of those who already using the UPI app and transfer money after downloading the app.”
Scary right? We thought so too. So, we decided to dig deeper. According to Gadgets Now, for the SIM Swap to work, the hackers need our unique 20-digit SIM card number. They obtain this information by calling us and pretending they are executives from our network service provider. After obtaining this number they dupe us into pressing 1. This completes the hijack. We stop receiving signal or OTPs and the new SIM does.
2. Fraudulent SMS
An article by The Hindu gives us another common method of how scams are carried out. Have a look.
Three victims in Kerala are reported to have lost a total of INR 12 lacs to these hackers.
If we accidentally open fake versions of Internet Banking websites, our passwords get compromised. Fake banking apps and insecure payment gateways can also leak sensitive details.
How can such a scenario be avoided?
By not sharing any confidential information over SMS or phone call. And social media. These include OTPs, passwords, debit card details, ATM PIN, Aadhaar number or SIM card number.
— India Be Safe. India Pay Digital. (@NPCI_NPCI) November 29, 2018
This video by National Payments Corporation of India outlines basic safeguards against frauds. Share it and stay alert guys.