As Google allows anyone to upload an app on Play Store, a lot many scamsters are uploading apps with names very similar to government-backed apps
With most of us now making financial transactions over mobile apps, it’s all the more important to know how scamsters can rob you. Let’s look at the most common ways.
Email phising is an old trick. The new kinds of phishing attacks are more sophisticated. More important, they are focused on getting your payment information or personal information, which is then used to operate other services. With many startups operating in the payment space, it has become easier for con artistes to masquerade as agents for the company, asking you to divulge your Aadhaar or payment IDs.
Such is the extent of the problem that last week PayTM chief Vijay Shekhar Sharma had to tweet about the issue asking users to verify details of KYC agents before declaring any information. The same is common for credit card frauds and other banking data, where an unidentified person would ask you to share card details (CVV, more importantly) over the phone to transact online. This is quite common for shopping websites as well, where con-artistes represent themselves as customer complaint executives for such companies.
It is always be better to circle back to the company or bank website for customer complaints.
A new form of phishing is in the news —called app phishing, it is most seen with government apps. As Google allows anyone to upload any app, a lot many are uploading apps with names very similar to government-backed apps. One example is BHIM. First-time users are scammed as they download an app with the suffix BHIM.
It requires them to give all personal details including bank account information and card number. In other instances, some apps require you to disclose your Aadhaar number.
A good idea, thus, would be to first check the app maker and confirm whether it is a legit company. State Bank of India (SBI), for instance, has a lot many related apps and they all would show if you get on to SBI BHIM. Two, none of the BHIM or any other apps should require your personal or financial information. As your mobile phone number is linked to your Aadhaar and financial accounts, no bank or company shall ask for this information. Similarly, as all information is linked, most apps only require the last four or six digits of your card; that too, to change your UPI PIN.
The way this works is that one way or another—either as call centre or via an app—scammers try to get your personal details. Most scammers are looking for your Aadhaar details. In the age of WhatsApp, most people forget to check their messages and this further helps scammers. Once they acquire your details, they go to a friendly mobile store and get a new SIM issued on this ID. Once that is done, your phone would stop working and all OTP and other details would go to your new SIM number, making it easier for scammers to wipe out your account.
The best way to avoid this is to subscribe to SMS and email alerts, and be wary if your phone goes off for more than a few hours. More importantly, keep checking your messages. You can also keep a different notification tone for bank messages.