A social engineering fraud using mobile numbers similar to a bank’s toll-free number is underway.
Reliable inputs were received on a new modus operandi of social engineering frauds using mobile numbers.
The Reserve Bank of India (RBI) has issued a cautionary notice regarding a new fraud using mobile numbers. The State Bank of India (SBI) has uploaded the notice issued by the RBI’s Department of Supervision, Central Office Cyber Security & IT Risk Group (CSITE) on its website for its customers.
According to the notice, a social engineering fraud using mobile numbers similar to banks’ toll-free numbers is underway. The department received reliable inputs on a new modus operandi of social engineering fraud: fraudsters use mobile numbers resembling a Supervised Entity’s (SE) toll-free number and register these mobile numbers in the name of that SE on caller identification mobile apps such as TrueCaller.
The manner in which the fraudsters are working is as below:
Suppose that an SE’s toll-free number is 1800 123 1234 (not an actual number). The fraudster obtains a number, say 800 123 1234, resembling the SE’s toll-free number and successfully registers it on the TrueCaller app (or any caller identification application) as the toll-free number of that SE.
An unsuspecting customer (victim) looking to contact the SE contacts the fraudster’s number registered on the TrueCaller application (800 123 1234) instead of the genuine toll-free number of the SE (1800 123 1234).
The person (fraudster) attending this call then lures the victim into providing sensitive details such as debit/card credentials, username, OTP, etc. to access the victim’s account and carry out fraudulent transactions.
Supervised Entities (SEs) can be any legal entity, such as banks and financial institutions. The notice also advises SEs to take necessary action to safeguard against this type of fraud. They may take suitable action to spread awareness among customers (display on bank branch notice boards, publication on SEs’ websites and digital media signage, SMS/emails to customers).
Therefore, it is always better to confirm the toll-free number of the company or bank you are about to call and never share confidential details of the account even with the bank’s executives.
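The lookalike pattern described above (800 123 1234 against 1800 123 1234) can be checked mechanically by an SE's fraud-monitoring team. The sketch below is an added example, not part of the RBI notice: it flags numbers that differ from a published toll-free number by one inserted, dropped or substituted digit. The function names, the one-digit threshold, the Indian country-code handling and the sample list are assumptions made for illustration.

```python
import re

# The article's illustrative (not real) toll-free number stands in for an
# SE's published contact list.
OFFICIAL_NUMBERS = ["1800 123 1234"]

def normalize(number: str) -> str:
    """Reduce a number to digits so spacing, dashes and '+' cannot hide a match."""
    digits = re.sub(r"\D", "", number)
    # Assumption: Indian numbering, so a 12-digit value starting with 91
    # is a 10-digit number with its country code attached.
    if len(digits) == 12 and digits.startswith("91"):
        digits = digits[2:]
    return digits

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: digits inserted, dropped or substituted."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, official=OFFICIAL_NUMBERS, max_distance: int = 1):
    """Return (label, official_number_or_None) for one reported number."""
    cand = normalize(candidate)
    targets = [(off, normalize(off)) for off in official]
    for off, digits in targets:
        if cand == digits:
            return ("official", off)
    for off, digits in targets:
        if edit_distance(cand, digits) <= max_distance:
            return ("lookalike", off)
    return ("unrelated", None)

def find_lookalikes(reported, official=OFFICIAL_NUMBERS):
    """Numbers to escalate: near-misses of a published toll-free number."""
    return [n for n in reported if classify(n, official)[0] == "lookalike"]

# Constructed sample: numbers found listed under the SE's name on a caller ID app.
REPORTED = ["1800-123-1234", "800 123 1234", "+91 800 123 1234",
            "1800 123 1235", "98765 43210"]

if __name__ == "__main__":
    for number in REPORTED:
        print(number, classify(number))
```

Numbers returned by `find_lookalikes` are candidates for a takedown request to the caller identification app and for inclusion in customer awareness notices.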