PUNE: It's not just
clever tech planning but also inside information that apparently helped cyber
thieves withdraw huge amounts of money from the accounts of people using the
virtual funds transfer route.
Earlier this month, a
businessman (Rajesh Bipinchandra Kamdar) was duped of Rs 19 lakh electronically
in a cyberattack that targeted his bank account, where the fraudsters had
blocked his cellphone sim to execute the fraud. As many as ten transactions
were made from his bank account and the amounts were transferred to banks
located in different parts of country. In a similar case earlier, Sanjay Govind
Dhande (65), a former professor at IIT-Kanpur who now lives in Pune, also found
Rs 19 lakh siphoned off from his bank account in a similar manner.
Cybercrime officials, who
have leads on two of the four net-banking theft cases reported this month,
revealed that in the case of the businessman who lost Rs 19 lakh, fraudsters
submitted a copy of his passport to the mobile company to get another sim card
issued. "The mobile company employee who issued a new sim in Kamdar's case
has been traced, which will help us reach the fraudsters, who may be the same
people in both cases as the IP address used in both cases is the same and has
been traced to Nagpur," a cybercrime official said.
The official explained
that once the second sim card was issued to the fraudster and it was activated,
the first one in the victim's phone automatically got deactivated.
"Investigations also revealed that the businessman's number had been
diverted to another number (of a different mobile service provider) in Daund
that had been deactivated six months ago. All calls made on his number were
getting routed to this particular deactivated number," said the official,
adding that in the meantime, Rs 19 lakh from his account were transferred to
banks in Bhopal, Jaipur, Mumbai, New Delhi and Bangalore.
A cybercrime scrutiny
expert said in many such internet banking related frauds, the cybercriminals
usually have an insider in the mobile company as well as the bank. "The
insider within a bank may provide the fraudster with information such as the
'fattest' account in the bank, the account number, user ID, the registered
mobile number and even the prospective victim's KYC documents. The fraudster
now knows the mobile company whose services the victim is using and arranges
for an insider in that company to get the victim's KYC details. Without these
insiders, such crimes are not possible," he said.
The expert added that the
fraudster then uses these bogus documents to have another sim card issued to
him. Once the sim is activated, he tries to reset the victim's online banking
password for which the one-time-password is sent to the user's mobile number
(which now the fraudster has via the duplicate sim).
Another cybercrime expert
added that selling credentials of people is currently one of the biggest
underground industry today, from where many fraudsters get the KYC details they
seek. "There are also many duplicate sim card selling agents with vested
interests within mobile service providers," the expert added.
A senior official from
the cyber crime cell in the city told TOI there have been four to five such
cases this month, where the victims' sim was blocked and cyber criminals
transferred money from their bank accounts.
The official added that
the money was transferred to 'fake beneficiary accounts' created by fraudsters
in different banks across the country. "Fraudsters are able to create fake
beneficiary accounts producing bogus KYC forms of people in whose names they
open these accounts. Often, banks do not undertake KYC verification of each and
every customer opening an account as it is a mammoth task," he said.
The official said that it
is also very easy nowadays to hack into the victim's online banking username
and password to execute such frauds. "If a prospective victim is using
wi-fi, a seasoned hacker will know exactly how to get the information being
punched in on the victim's computer even though he (victim) may be sitting
somewhere else but in the same network," the official said.
Expert Speak:
"Upon receiving any
alert of a bank transaction on the phone or upon having the sim suddenly
deactivated, one should immediately visit the bank and ask the concerned
authority to freeze all transactions. He should then lodge a complaint at the
police station."
Sandip Gadiya, a
cybercrime investigation expert
"Whenever people
submit photocopies of pan cards or identification or address proofs, they have
to make sure that it is going in trusted hands"
Sagar Rahurkar, a
certified fraud examiner, said that
How the fraudsters did it?
Approached the mobile
service providers, produced fake KYC documents of the victim and got a
duplicate sim of the victim's number issued.
Activated the second sim
card, because of which the original sim card with the victim got blocked.
Made several
transactions, transferring victim's money into fake beneficiary accounts, in
addition to online shopping transactions.
The criminals could hack
into the victim's internet banking password to execute the crime.
'Banks should ensure
safety of customer information'
"As financial
institutions in India interact with more of their customers electronically,
they face unique challenges in ensuring that every single new channel touching
a customer is secure. This is vital with cyber threats growing in
sophistication and increasing the numbers of financially motivated attacks, and
exploiting security weaknesses across multiple channels of the bank and ATMs
are no exception," said Anand Naik, managing director - Sales, India and
SAARC, Symantec.
He added that cyber criminals are always looking for newer
avenues namely social networks, unprotected mobile devices and unregulated
usage of cloud services to not only attack an individual's identity but also
their financial information. "These areas often lack security features
such as encryption, access control, and manageability, providing a massive
opportunity to cybercriminals. As banks shift from a branch-centric culture to
a digital-centric approach to deliver great customer experience across multiple
channels, they need to adopt an information-centric view of security. In fact,
banks are mandated by RBI guidelines to implement comprehensive security
measures such as two-factor authentication to protect customer information,
identity and transactions," said Naik.
Improve your bad score and keep your good credit score intact. Consult us: Doctors for all your financial worries: Cibil Consultants
Improve your bad score and keep your good credit score intact. Consult us: Doctors for all your financial worries: Cibil Consultants
Source: Secondary
No comments:
Post a Comment