Beware! Here’s how fraudsters can transfer your money without OTP
- Suresh is a math teacher in a high school. One day he gets a call. The person on the other end says that he is an officer of Canara Bank, that he has received a call from the police station to freeze Suresh's account, and that Suresh will get a call now and should merge that call with this one. Before Suresh realizes what is happening, the second call comes in and he merges it with the first. Later he finds out that the second call was a call to inform him of the OTP, that Rs 2 lakh has been transferred from his account, and that he has become a victim of call merging cyber crime.
- Joseph is a businessman. To get a small loan, he installs an online loan app on his phone, which he got through the Telegram app. Later he finds out that Rs 1.25 lakh has been transferred from his account and that the loan app had stolen and read his OTP SMS without his knowledge.
- Iqbal buys a laptop from a Croma store. The next day he receives an email which says that he has won ten thousand in the lucky draw and that, to get it, he has to click on the link given below and provide his details. Iqbal happily clicks on the link. Two days later, he finds out that 78 thousand rupees have been transferred from his account, and that the link had installed malware on his phone which was used to read his OTP SMS.
- Vineet Jain calls the bank’s helpline number found in a Google search to complain that his mobile banking app is not working. The person on the other end asks him to install a remote access app called AnyDesk and to give him control so that he can help. After the call ends, it is revealed that 3.4 lakh rupees have been transferred from Vineet’s bank account, that the phone number was a fake helpline number, and that the OTP was stolen through remote access under the pretext of helping.
By the time we have all understood that we should not share an OTP with strangers, cyber criminals have devised ways to steal our money without asking us for the OTP. The four examples above show how cyber criminals steal our money without getting the OTP from us. I have written about another way, the Aadhaar Enabled Payment System (AEPS).
To protect yourself from such OTP-less cyber frauds:
- Always follow the principle of ‘Patience, Zero Trust and Verification’ for all digital transactions.
- Do not click on any hyperlinks in SMS messages or emails from any unknown person, and do not scan QR codes or install APKs/apps from them.
- Instead of using Google search to find the helpline number of a bank or any organization, type the URL of the official website yourself or use the number on the back of your debit/credit card.
- Never share Aadhaar, PAN number or bank details with strangers; share only voter ID or driving license for identification if really necessary.
- Lock your Aadhaar biometrics on the Aadhaar website (www.uidai.gov.in) or in the mAadhaar app, and unlock them when you need to perform biometric verification.
- Reject calls from strangers asking to merge calls.
If you are a victim of such fraud:
- Immediately call the cyber helpline 1930 or file a complaint on the website www.cybercrime.gov.in.
- If you have shared Aadhaar with someone, lock your Aadhaar card on the website www.uidai.gov.in or in the mAadhaar app.
- Call the concerned bank to freeze the funds and file a complaint.
- Change the passwords/PINs of the exposed banking accounts.
- If you suspect a malware/virus attack after scanning a QR code, format or factory reset the device.
Legal remedies available to victims:
You can file a criminal case at your nearest cyber or general police station under the following legal sections or as suggested by the police based on your case:
- Indian Penal Code (IPC) Sections 303 (Theft), 319 (Punishment for cheating by impersonation), 336 and 318 (Cheating), Section 323 (Unlawful extraction of data), Section 329 (Criminal trespass), Section 338 (Forgery), Section 337 (Punishment for forgery), and Section 340 (Use of forgery/forged document).
- Information Technology (IT) Act 2000/08 Section 43 (Penalty and compensation for damage to computer, computing device etc.), Section 65 (Wrecking computer), Section 66 (Punishment for computer related offences: a person who steals data, spreads a virus to a system, destroys data, hacks, or denies an authorised person access to a computer or network), Section 66C (Penalty for identity theft and fraudulent or dishonest use of a person’s identity information) and Section 66D (Punishment for fraud committed by impersonation using computer resources).