Kambli hastened to report the scam to the concerned bank and register an FIR with the police and managed to get his money bank. However, not everyone is lucky.
This is one of the many frauds in which fraudsters duped hundreds and thousands of digital payment users to lose their hard earned money. While the modus operandi of each fraud is different, the concept of social engineering fraud is the same – they are carried forward through direct human interaction, in which the fraudster calls the victim as an executive and asks him or her to extort money. Misleads to break security procedures. from his bank account.
Mint tells you about wishing frauds related to various digital payments and how to avoid them.
Pending KYC Fraud: This is one of the most common tricks used to commit crimes. The fraudsters call the victim as an executive of the bank or card company and inform them that their card or bank account will be disabled if they do not complete the KYC on it. They create an urgency to trick the victim and manipulate them to deliver sensitive information.
This is done in several ways.
First, the swindler asks the victim to share their card or bank details that they are talking to the right customer. Once they have the details, they initiate a transaction and ask for a one-time password (OTP) sent to the victim’s mobile phone to complete the KYC process. The OTP is to actually complete the transaction.
Second, the swindler asks the victim to download remote access mobile apps like Teamviewer, AnyDesk, Splashtop, ConnectWise etc., adding that they can help them to complete the online process through this app so that the customer has to travel on the go. Don’t have to bank.
Rahul Tyagi, Co-Founder, SafeSecurity, said, “The fraudster makes a small payment to the victim and when the latter keys in the card or bank statement, the fraudster copies the information and uses it to commit the fraud.
These apps are not malicious and are used by companies to help their customers resolve technical glitches by remotely assisting them by accessing their devices. Hackers are using these apps to commit sophisticated crimes.
“The biggest red flag in this fraud is that no merchant, payment company, bank or card company will ever ask you to pay while they have access to your phone. They may ask you for general information but you Will never conduct payment activity. In fact, banks never ask customers to download third-party apps,” Tyagi said.
Data leak from e-commerce companies: Recently, employees of some e-commerce companies have been selling data related to big-ticket purchases made by customers to fraudsters. When a customer makes a purchase from an e-commerce website, Conman asks that customer to reward him 2-3 days after the purchase that he has been selected in the lucky draw. The hacker uses information related to that purchase received from an employee of an e-commerce company to establish the genuineness of the call. Once the customer is convinced, the thief sends a QR code to the customer promising a cashback reward.
The QR code opens into a ‘Request Payment’ link. Most customers don’t pay attention and end up sending money. Some customers notice the request payment message, but fraudsters have a counter to it as well. “The fraudster sends a new ‘test link’ saying that the client should try with 1 To see that the money is credited back immediately along with the reward. Once assured, the victim sends the ‘cashback’ amount, which of course is never returned,” Tyagi said.
The general rule of UPI payment is that the user never has to scan the QR code or click on the link received through SMS or email to receive the payment.
SIM SWAP SCAM: Tyagi said it is a very dangerous scam because when it is successfully executed, it gives fraudsters access to all financial information of an individual. Fraudsters mainly target high-net-worth individuals (HNIs) through this scam. The thug called the victim posing as a telecom company executive saying that their SIM would expire in the next 24 hours and they would need a 10-digit unique number on the SIM card to initiate the request to continue the connection.
“The customers don’t realize how important this 10 digit number is. It is used to port the number to a different operator. Once the subscriber shares this number, the fraudster makes a porting request whose After that the SIM gets locked for 24 hours. Fraudsters use this 24-hour window to issue a new SIM to the same number and then use it to password of the victim’s net banking, mobile wallet, UPI and other important apps. Two-factor authentication through an app like Microsoft Authenticator or Google Authenticator can protect customers from such scams, he said.
“Most of us make a mistake by relying only on OTP-based 2FA as a security measure. When a mobile phone or SIM is tampered with, the OTP sent via SMS can be easily seen by the fraudsters, which is not the case with an app-based authenticator as the validity of the authentication code is only 30 seconds and it can be Cannot be easily cracked through remote access. Tyagi said.
Fake customer service coordinates fraud: Fraudsters create fake customer service numbers of merchants on Google, Twitter, Facebook, and Google Maps to trick customers into calling them instead of the company they want to file a complaint with. Huh. When you go looking for a company’s customer service coordinates on social media or Google, there’s a high chance you might be calling a fraud. It is clear as follows – the fraudster tricks the victim into disclosing his bank account or card details.
If you wish to register a complaint, you should simply call the number provided on the merchant’s website or verified social media page.
As a general practice, do not share your sensitive financial information or OTPs with anyone over the phone.
Don’t miss a story! Stay connected and informed with Mint.
download
Our App Now!!
,