Transferring money from mobile to mobile may be very easy, but fraudsters are increasingly using different ploys to gain unauthorised access to your mobile device.
You may be using your mobile to transfer money via Unified Payments Interface (UPI) because you do not have to remember even your own bank account number, or seek the account details of the person to whom you want to transfer money, in order to send or receive a payment.
Warning its customers of increasing instances of frauds involving UPI payments, HDFC Bank says, “One of the recent techniques involves a fraudster taking unauthorised access of a victim’s mobile device to carry out fraudulent transactions via UPI using the AnyDesk, Team Viewer or any other third party App.”
The Bank also describes how the fraudsters may befool you:
- You may receive a phone call from a fraudster, who will claim to be a representative from a bank or tech company offering to fix issues in your mobile banking apps or in your smartphone. He may also pose as a Branch Manager / Complaint Manager calling you to fix a genuine registered complaint which you may have with respect to Online / Mobile Banking.
- Fraudsters may find your phone number from social media or even from the complaint desk.
- The fraudster will then lure you to download a mobile app like ‘AnyDesk’, ‘TeamViewer’ or any third party App from Play Store or App Store, which can provide him with remote access to your mobile.
- After the app is installed, a code of a few digits will be generated, which the fraudster will ask you to share.
- After getting the code the fraudster may further ask you to grant him certain permissions. If you grant the permission, the fraudster will gain control of your mobile device.
- Further, Mobile Banking credentials and PIN are vished (stolen) from you and the fraudster can now choose to carry out financial transactions from your mobile app which was already installed.
- They also forward an SMS to you and advise you to forward it to a specific mobile number from your phone.
- Once the message is forwarded, the fraudster is able to link / register your mobile number / account with UPI on his own mobile device.
- Subsequently, the fraudster may also seek confidential account related credentials like Debit Card number, PIN, expiry date and OTP, and set the MPIN, which is then used to authenticate transactions.
- In a few instances fraudsters could also send a “Collect request” to your VPA and ask you to approve / authenticate it on the respective UPI apps to get reversal / refunds. Please note that UPI PIN is NOT required to be entered to receive payment from anyone.
- If you approve the request by authenticating the transaction with MPIN (which is only known to you) assuming that you will get credit / refund in your account, you might end up losing money since your account gets debited once the collect request is approved / authenticated.
To keep fraudsters at bay, the Bank has asked its customers to stay alert and follow the Dos & Don’ts listed below:
- Be alert to fraudulent calls (vishing) that ask you to download third party apps or share confidential information (disconnect such calls immediately)
- In case you have already downloaded any remote access app and it is no longer required, immediately uninstall it
- Enable app-lock on your payment or mobile banking related apps.
- Report any suspicious activity at your nearest Bank Branch / authorised customer care number only
- Never share your banking passwords or store them in your mobile handset.
- Never share your other sensitive financial details on call such as UPI PIN / MPIN, Debit / Credit Card, CVV, expiry date, OTP, ATM PIN, bank account details, etc.
- Never allow a stranger to guide you to install a mobile app through App Store / Play store, or instruct you to change a setting of your mobile.
- Never retrieve customer service numbers of various merchants / entities / banks etc. via Google search since they can be fake.
- Never forward any unsolicited SMS at the request of a so-called representative from a tech company / bank.
- Never carelessly share your private details such as mobile number, address, DOB, identity details, etc. on social forums.