Don’t Become a Victim of KYC and Reward Frauds :
- The whole country is rushing towards a cashless economy. UPI is a fast method of making payments digitally and is rapidly gaining immense popularity. Digital transactions have made life easier, saving the time of going all the way to a vendor to pay by cash / cheque, or even of logging on to the internet to do a bank transaction.
- Convenience, however, comes with its share of liabilities, and that’s what we’re going to see in this article. All UPI apps, such as Google Pay, PhonePe and Paytm, are robust and technologically highly secured, but be cautious: scammers have good knowledge of social engineering tactics and steal money using phishing, vishing, smishing, malware, SIM cloning and other means.
KYC Frauds through SMS / Email / Phone :
- The victim gets an SMS / Email containing short links that ask the user to update the KYC of a bank account, an Aadhaar Card or a PAN Card. When the victim clicks on the link and fills in the details, including the OTP, everything is automatically forwarded to the scammer’s phone. The scammer then uses the OTP to transfer money out of the victim’s account.
Refunds or Cash-back or Expiring Reward Points through SMS / Email / Phone :
- Scammers trick users into getting in touch with them about issues like refunds, cash-back or expiring credit card reward points, and into giving away their details.
Detailed Modus Operandi :
- 1. Fraudsters usually call targets to get their attention, impersonating bank representatives calling about a routine issue like KYC updates, redeeming bonus points or cash-backs.
- 2. To make the call sound legitimate, they mimic the actual bank process and ask verification questions such as your date of birth, name and mobile number.
- 3. Scammers usually create a false story that the victim may have to give their personal data to resolve the issue.
- 4. Once the scammer has convinced the victim, they ask the victim to download an application on their phone. The most common app is AnyDesk, along with other screen-sharing applications, which are available on the Play Store / App Store.
- 5. Once downloaded, AnyDesk or any other screen-sharing application asks for the user’s privacy permissions, like any regular app. Please note that these apps can access everything on your phone.
- 6. The scammer will then ask the victim for an OTP, which is generated on the victim’s phone. After the victim reveals the code, the hacker will also ask the victim to grant permission from the phone.
- 7. When the app has acquired all the permissions it requires, the caller starts to take full control of the victim’s phone without their knowledge. After getting full access to the phone, the scammer steals passwords and begins transacting with the victim’s UPI account.
- 8. Let’s also discuss 4 alternative methods they use to steal money:
  - a. Fraudsters send an SMS and ask the victim to forward it to another number that they provide. Once the message is successfully sent, it permits the fraudster to link the victim’s mobile number or account through UPI to their own mobile.
  - b. Fraudsters send an SMS with short links and Google Forms, asking the victim to fill in the username / password and OTP / UPI details.
  - c. Alternatively, scammers (impersonating buyers) send a (regular) payment request to your Virtual Payment Address on apps like Google Pay, PhonePe, Paytm, etc.
  - d. Alternatively, scammers (impersonating buyers) send a (QR code) payment request to your Virtual Payment Address on apps like Google Pay, PhonePe, Paytm, etc.
How to Safeguard Yourself :
- 1. Never share OTP with anyone.
- 2. Receiving money doesn’t require an OTP
- 3. Receiving money doesn’t require Scanning QR Codes
- 4. Don’t use suspicious apps on your smartphone
- 5. Contact official customer service numbers only
- 6. Never Share Card Number, CVV and Expiry Dates
- 7. Other tips include:
  - a. Check for https:// and the lock icon for secure online transactions
  - b. Never transfer or receive money while on a call
  - c. Never fill in Google Forms reached through short links from unknown contacts