If you are using your mobile phones for online money transactions then you must take note of this news. One of India's leading private sector bank, HDFC has said that fraudsters have devised a new technique of cheating people of their hard earned money by taking the remote access of users mobile phones.
Amid a huge spike in online banking fraud, HDFC Bank has issued a warning for all online banking users of a new scam. According to HDFC bank alert, fraudsters are stealing money from users’ bank accounts via UPI.
In this scam, hackers aim to gain unauthorised access to users UPI to blow money from the account. Hackers take the remote access of users' mobile phones through a remote device control app called AnyDesk, according to HDFC alert.
However, Reserve Bank of India (RBI) had already issued an alert regarding online banking fraud cases but still, it seems even like more people are falling for the same.
The Advisory of the Reserve Bank of India (RBI) states that applications like AnyDesk ask users for a regular privacy permit, which then gives hackers an unauthorized access to the users' phones. With the help of it, hackers then easily withdraw money from users' Wallet or UPI accounts.
How online banking fraud via UPI is being executed:
- Fraudster call users and to draw attention, they represent themselves as the bank's representative.
- To fool you, fraudster makes sure that the call is genuinely from the bank. They pretend as verifying your banking details such as name, date of birth and mobile number.
- The fraudster then tries to scare you that your card, mobile banking will get blocked due to the ongoing issues in the App. Then they offer solutions to fix the issues.
- Once hacker convinced you to believe their words, they will ask you to download an app to fix the problem. This app can be any AnyDesk or any other remote device control app like it.
- Once you download the AnyDesk app or similar one, it will ask you for privacy permissions just like another regular app.
- The fraudster will then ask you for a 9 digits appcode, which is generated in your phone.
- As soon as the fraud caller gets 9-digit code from you, he will ask you to grant permission from your phone.
- Now when the app gets all permissions required, the caller starts to take full control of your phone without your knowledge.
- After getting full access to your phone, a hacker steals passwords and transact with your UPI account.
- In another way, fraudsters might send one SMS and asks you to forward it on another number which he gives you. After the message is successfully sent, this allows the fraudster to link your mobile number or account through UPI to their mobile.
- Also, fraudsters send a 'collect request' or a refund request to your virtual payment address (VPA). Most users authorise these requests because they think they will get a refund for some transactions.
How to avoid getting trapped:
- Notably, this method is very safe for hackers and they can trap anyone in their web with its help. Hence, users are advised to not to attend such calls or disconnect it immediately as no bank official personally call users to fix any issues.
- Always avoid sharing bank accounts details over the phone. Also, if you have any doubt or issues, prefer visiting the bank branch.