Scammers have good knowledge of social engineering tactics to steal money

By Anil Rachamalla | 2020-09-01 | Published: 12:12 am

The country is moving fast towards a cashless economy. UPI is a quick method of making payments digitally and is rapidly gaining popularity. Digital transactions have made life easier, saving the time it takes to go all the way to the vendor to pay by cash or cheque, or even to log on to the internet to do a bank transaction.

With convenience, however, comes a share of liabilities. All UPI applications, such as Google Pay, PhonePe and Paytm, are robust and technologically highly secured, but be cautious, because scammers have good knowledge of social engineering tactics to steal money using phishing, vishing, smishing, malware, SIM cloning and other means.

KYC frauds through SMS/email/phone:

The victim gets an SMS/email containing short links that ask the user to update the KYC of a bank account, Aadhaar card or PAN card. When the victim clicks on the link and fills in the details, the victim fills in the OTP too, and all the details are automatically forwarded to the scammer's phone. The scammer then uses the OTP to transfer money from the victim's account.

Refunds or cash-back or expiring reward points through SMS/email/phone:

Scammers trick users into getting in touch with them about issues like a refund, cash-back or expiring credit card reward points, and into giving away their details.

Detailed modus operandi:

Scammers follow a pattern when carrying out social engineering frauds, and we have collated the sequence of steps they follow, based on our interactions with victims.

1. Fraudsters usually call targets to get their attention and impersonate bank representatives, calling about a routine issue like KYC updates, redeeming bonus points or cash-backs.

2. To make the call sound legitimate, they mimic the actual bank process and ask verification questions such as your date of birth, name and mobile number.

3. Scammers usually create a false story in which the victim has to give their personal data to resolve the issue.

4. Once the scammer has convinced the victim, they ask the victim to download an application on their phone. The most common is AnyDesk, along with other screen sharing apps, which are available on the Play Store/App Store.

5. Once downloaded, AnyDesk or any other screen sharing application asks for the user's privacy permissions, like any regular app. Please note that these apps can access everything on your phone.

6. The fraudsters will then ask the victim for the OTP which is generated on their phone. After the victim reveals the code, the scammer will also ask the victim to grant permissions on the phone.

7. Once the app has all the permissions it requires, the caller takes full control of the victim's phone without their knowledge. After getting full access to the phone, the scammer steals passwords and begins transacting with the victim's UPI account.

8. Let's also discuss four alternative methods they use to steal money:

a. Fraudsters send an SMS and ask the victim to forward it to another number that they provide. After the message is successfully sent, it permits the fraudster to link the victim's mobile number or account through UPI to their mobile.

b. Fraudsters send an SMS with short links and Google Forms, asking the victim to fill in the username/password and OTP/UPI details.

c. Alternatively, the scammer (impersonating a buyer) sends a (regular) payment request to your virtual payment address on apps like Google Pay, PhonePe, Paytm, etc.

d. Alternatively, the scammer (impersonating a buyer) sends a (QR code) payment request to your virtual payment address on apps like Google Pay, PhonePe, Paytm, etc.

How to safeguard yourself

1. Never share OTP with anyone

2. Receiving money doesn’t require OTP or scanning QR codes

3. Don’t use suspicious apps on your smartphone

4. Contact official customer service numbers only

5. Never share cashcard number, CVV and expiry dates

6. Other tips include

a. Check for https:// (secured web address) and lock icon for secure online transactions

b. Never transfer or receive money while on call

c. Never fill in Google Forms reached through short links from unknown contacts

Stay tuned to the Cyber Talk column on “Internet Ethics and Digital Wellness” brought to you by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org.
