April 2, 2021 10:19:44 pm
To steal money from bank accounts, cyber criminals in Himachal Pradesh have started opening fixed deposit accounts of their victims to bypass the one-time password (OTP) mechanism for money transfer. According to the state cyber police, this new modus operandi was used in two recent cyber crime incidents in which fraudsters obtained login credentials of their victims through phishing, then created fixed deposit accounts to transfer money into the victim’s own account, and finally used social engineering tactics to obtain money-transfer OTPs from the alarmed victims.
A few days ago, one Bansidhar Gautam from Solan received a message on his phone that Rs 90,000 had been transferred from his bank account. Though the money had actually been transferred into his own newly-created FD account, Gautam got concerned about the transfer as it showed a reduced balance in his account. He then fell prey to a fraudster who called him up immediately afterwards claiming to be a bank official. The caller told him that his account had been tampered with and that he must share an OTP received on his phone to get the transaction reversed and his money refunded. Gautam shared the OTP and immediately lost Rs 20,000 to the fraudster.
“Many people use a single phone number and email account both for operating their online bank accounts as well as for non-financial purposes such as social media. This makes them vulnerable to phishing attacks as fraudsters are easily able to obtain their login credentials by sending fake links over email, SMS or Whatsapp,” said additional SP Narvir Singh Rathore from the state cyber crime police station.
He said that once a criminal has the victim’s login credentials, he/she still needs an OTP to transfer money outside the account. But an OTP is not needed to transfer money into an FD account under the same name, and this loophole is being exploited by cyber fraudsters.
“They simply create a new FD or RD (recurring deposit) account using the victim’s existing netbanking account, and transfer money into it. The victim receives an SMS showing a reduced balance due to this transfer, and usually gets alarmed. The panicked victim then shares an OTP with the fraudster posing as a bank official, and soon afterwards, the money actually gets transferred outside the victim’s account and into the fraudster’s account,” he said.
In another recent case, Rakesh Sen, a resident of Kullu, received an SMS that Rs 18 lakh had been transferred from his account. However, he refused to divulge his OTP when the fraudsters called him posing as bank officials and instead complained to the bank and the police.
Rathore said that criminals usually adopt best practices in cyber crime prevalent elsewhere in the world, which currently happens to be this new modus operandi of opening FD accounts. “We appeal to netizens to never share their OTPs with anyone, to never overlook internet security and to use different numbers and emails for financial and non-financial purposes,” he said.
He added that the union ministry of home affairs (MHA) has formed joint cyber crime teams to combat cyber fraud in the hotbed sectors of Mewat, Jamtara and Ahmedabad, which has somewhat helped reduce cyber crime in the country due to coordination and information-sharing among state agencies.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.