HDFC Bank has issued a warning to all online banking users about a new scam in which fraudsters are stealing money via UPI. In this scam, the fraudster aims to gain unauthorized access to a victim’s mobile device through remote device control apps like AnyDesk. The Reserve Bank of India (RBI) had earlier issued a similar warning but it seems more people are falling for the same.
In a recent advisory, the RBI has advised that while apps like AnyDesk asks for regular privacy permissions, it is capable of acquiring full access to your smartphone remotely and would let fraudsters carry out banking transactions remotely. Here is everything you must know the new UPI online banking fraud that you must know.
The fraudster will call you as a bank representative to grab your attention
To fool you and make the call appear real, the fraudster will verify your details like name, date of birth and mobile number
The fraud caller will then tell you that there is some problem with your mobile banking app and will offer solutions to fix the issues
The caller will try his best to scare you by saying your card, mobile banking will get blocked or something similar to convince you
The caller will simply try to convince you to download an app to solve ‘the problem’. This app could be ‘AnyDesk’ or other similar remote device control app
After you download the AnyDesk or similar app, it will ask for privacy permissions like any other regular app
The fraud caller will then ask for a 9-digit app code that is generated on the victim’s phone
Once the fraudster gets this 9 digit code, the caller will ask the victim to grant permission from the device
When the app to gets all the required permissions, it takes full control of your device without your knowledge
After getting full access to the victim’s phone, the fraudster remotely steals passwords and transact from your UPI accounts
Sometimes, the fraudster might send one SMS and advise you to forward it to a specific mobile number from your phone
This SMS simply allows the fraudster to link your mobile number or account with UPI on his own mobile device
Also, the fraudster might send a “Collect request”or a refund request to your VPA account. Victims authorise such requests thinking they will get refund for some transaction
These are typical vishing calls. Readers are highly advised to disconnect such calls immediately as no real bank official will ever personally call you to fix an issue