Sharing of OTP is where frauds end. But where do they begin?

Kaspersky has predicted that cyber fraud in India will increase going into 2021 owing to more users connecting to the internet and adopting digital payment modes.

This hardly comes as a surprise given the sheer number of UPI and other consumer frauds we saw in the last year.

It has almost come to the point where every step we take towards growing our digital economy and increasing financial inclusion also presents an opportunity for fraudsters to con their way into the lives of common men.

For instance, consider the PM CARES fund. As soon as the government took the initiative to pool donations and create a UPI ID (pmcares@sbi), fraudsters instantly came up with several fake UPI IDs (pmcare@sbi/ pncares@sbi) to cheat gullible citizens.
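As an added illustration (not part of the original article and not IDfy's code), here is how a payment app or bank could flag such lookalike IDs before a transfer goes through. The allowlist, the distance threshold and the `@examplebank` handle used in testing are assumptions; only the three UPI IDs above come from the story.

```python
# Added example: flag UPI IDs that imitate a verified payee.
# VERIFIED_VPAS is a constructed allowlist; only pmcares@sbi comes from the article.
VERIFIED_VPAS = {"pmcares@sbi"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]


def classify_vpa(vpa: str, verified=VERIFIED_VPAS, max_distance: int = 2):
    """Return (verdict, matched_vpa); verdict is one of
    "verified", "lookalike", "unknown" or "malformed"."""
    vpa = vpa.strip().lower()
    user, sep, handle = vpa.partition("@")
    if not sep or not user or not handle:
        return ("malformed", None)
    if vpa in verified:
        return ("verified", vpa)
    for good in sorted(verified):
        good_user, _, good_handle = good.partition("@")
        # Near-miss on the name part, same bank handle (pmcare@sbi, pncares@sbi)
        if handle == good_handle and edit_distance(user, good_user) <= max_distance:
            return ("lookalike", good)
        # Exact name part registered on a different handle
        if user == good_user and handle != good_handle:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for candidate in ("pmcares@sbi", "pmcare@sbi", "pncares@sbi", "grocer@sbi"):
        print(candidate, classify_vpa(candidate))
```

A "lookalike" verdict is a reason to warn the payer and show the verified ID next to the one they typed, not proof of fraud on its own.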

We have been gathering insights from our research into recent instances of fraud. And the more stories we hear, the more we realise how many different ways there are of getting defrauded.

However, there is one thread that connects most of the stories that we came across.

Let me paraphrase some of the stories for you, and see if you too can spot the link.

An elderly man loses money to online fraud

An elderly person from Pune wanted to transfer money. He was not able to do it and the UPI application he was using showed a ‘server down’ message (we’ve all been here at some point).

As he was not able to transfer the money, he thought of calling the helpline number of the UPI app he found on Google.

The person who picked up the call sent him an SMS and asked him to click on the link in it to download an app. After downloading it, the victim was asked to share a code that was generated on the app. As soon as he shared the code, a hefty sum was deducted from his account in 15 transactions. All in a matter of minutes.

The victim was made to download a remote screen sharing app called ‘AnyDesk’.

Here’s another similar story we stumbled across

A man in Uri wanted a refund for a cancelled air ticket and contacted a customer care number for his airline that he found online. He immediately received a call back and was told that the refund amount could be transferred immediately via Google Pay.

All he had to do was download a mobile application called ‘AnyDesk’ on his cell phone.

When he followed the directions given over the phone, all the money in his bank account was debited in a few transactions. This too, in a matter of minutes.

The common link in the two stories above seems fairly clear.

And if you’re thinking ‘AnyDesk’ was the culprit here, you’re not seeing the entire picture.

Yes, one might say that clicking on a link and downloading a third-party app is never advisable, but that only enabled the fraudsters to carry the fraud out. The real damage was done when the victims called the customer service numbers they found online.

That is the incidence point of most frauds we come across today and that is where the real game is being played. The first point of contact — where there is no certain way of telling the fake apart from the genuine.

Many unsuspecting customers end up looking for customer care numbers on Google rather than opening a service provider’s website or app and calling from there.

For that matter, many of the UPI and KYC related frauds that we encounter these days are similar in nature. They all begin with a call from an unknown number, with the caller impersonating a person of authority and asking for confidential information to take matters ahead.

Perhaps, one way to tighten the screws around the security of our digital payments infrastructure could be to stop calls from such fake numbers coming through altogether.

Are you a financial institution looking to protect your customers from such frauds? Come talk to us at IDfy…

IDfy Editorial