KYC expiration pretext used in multiple cases of online fraud
By- Ananya Yadav
A text message with a pretext of KYC expiration for a popular e-wallet was sent to multiple victims of online fraud in Bibvewadi, Pune. A 61-year-old man was duped of Rs 1,11,138 after he called a phone number mentioned in an SMS he received on his mobile phone on April 17, according to police. He lost money from three different bank accounts.
In a similar incident, another person was duped of Rs 1,96,393 after he called the number mentioned in an SMS he received on April 17.
In yet another case registered on Sunday, a 55-year-old man lost Rs 43,998 through multiple transactions. All complainants in the case are above 55 years of age.
The SMS warned the complainants of expiration of know-your-customer (KYC) sections of their e-wallet. The SMS provided them with a phone number on which they could call to extend their KYC. Once the complainants called the number, the callers tricked them into making a transaction of Rs 1 and told the complainants that the transactions failed due to expired KYC. To update the KYC, they were asked to download an application called Quick Support App onto their mobile phones. The application provided access to the bank details of the complainants’ links with the e-wallet. Without sharing any more details of the case, police inspector crime Muralidhar Khokale of Bibvewadi police station said that the police station has received more such complaints.
The trend of using the false pretext of the e-wallet’s KYC expiration to commit online fraud started around a year ago, according to police inspector Jayram Paygude of the cyber police station.
“People share confidential information, OTPs and download whatever the caller asks them to without verifying. That is a problem,” said PI Paygude. The cases have come on the radar of the city police’s cybercrime cell.
The Reserve Bank of India has made KYC mandatory for mobile wallet users. Scammers have used KYC as an entry point. Usually, the victim gets a text message stating his e-wallet needs to be KYC compliant; he is asked to call the telephone number provided in the message. To update the KYC, he is asked to download an app, usually TeamViewer Quick Support or AnyDesk — these are remote access control mobile apps. The phishers ask you to transfer Rs 1 to check the status of the e-wallet.
While the customer is entering a password or PIN for his e-wallet, the scammers are collecting details being entered alongside. They now have access to your mobile wallet ID and password. Soon your bank account is linked to the mobile. The wallet is debited to other accounts using different transactions.
Tips to prevent other types of frauds
• Unified payments interface (UPI) has a feature where you or the merchant can send the user a request to collect money.
• Rajesh Mirjankar, managing director (MD) and chief executive officer, InfrasoftTech, says, “Use digital payment modes only on trusted and verified websites. Remember that for UPI transactions, the PIN is never asked on the merchant site. It is always entered on your PSP app. Also, note that the credit transaction does not need the client to provide a mobile PIN.”
• Remember you don’t need to authorise a transaction if the money is being transferred to your account, but the fraudster makes you believe you do and you end up sharing the PIN, and your hard-earned money gets re-routed.
• Sanjay Katkar, joint MD and chief technology officer, Quick Heal Technologies, says, “The mobile app claiming to speed up your smartphone actually wants to wrest control of your phone and sniff out all the stored passwords.”
• Another method fraudsters use is by spreading fake customer care numbers for banks or UPI platforms online. And when you run a search online, you often end up calling these numbers.
• Visit a bank or type out the whole URL to avoid being scammed.
• It is not possible to do KYC over a phone call or by downloading any third-party apps. In order to scam you, fraudsters may even tell you that your existing bank KYC or digital wallet is invalid and they can re-validate it online. This is again not possible.
• Never share your bank account, card or any other such details with a caller.
• Do not download apps like Anydesk, TeamViewer or Screenshare on any caller’s request. These apps allow a fraudster to see all your passwords, PINs and other important details.
• Genuine PhonePe representatives will never call you to do your KYC over the phone or ask you to download third party apps.