In a first, a new scam has been discovered where a customer was lured to install a third party application which enables access to the bank account. A bank official from Bengaluru lost INR 1 lakh after scammers garnered access to his smartphone by luring him to download an application that leads to malicious access.
Narayan Hegde, a former employee of Syndicate Bank was tricked when he installed the AnyDesk application. Hegde was an e-wallet user and was seeking help in re-installing the application on his phone. When he dialled one of the numbers found after an online search for mobile wallet’s helpline, he was advised to download the AnyDesk application and send the hashed string text which he received.
Soon after sending the text, money was withdrawn from his account in multiple rounds of debits. After contacting his bank’s branch he found that money was transferred to Aditya Birla Payments Bank account utilizing the UPI platform.
“Banks shouldn’t make their clients run around and should follow the RBI guidelines to pay up customers when they fall prey to such frauds. Even former bank employees are not spared,” said Prashant Mali, a cyber law expert and a Bombay high court lawyer.
Speaking in a similar tone, Bharat Panchal, head of risk management at NPCI said, “While NPCI is continuously working towards enhancing the security of its products and services from such attacks, this type of fraud can be better prevented by consumer education. The entire ecosystem, including banks and fintech companies, has to work collectively towards creating awareness and educating customers to refrain from sharing their account/card credentials, OTP/PIN and/or giving access to their mobile handsets to unscrupulous persons through such remote screen-access apps.’’
