The Internet has not just made our lives simpler but has also made it better and comfortable. Today, we can communicate instantly with anyone living anywhere across the world. With just a few clicks most of our work is done instantly. However, the advancement of the Internet had placed us at the centre of cyber frauds. In this article, we discuss, some of the cases of Online Scams or Online Frauds that many Indians have been the victim of, UPI fraud, What is AnyDesk? How does AnyDesk work? RBI Notice? How to avoid Online frauds? How to report a cybercrime. Read the below cases to ensure that you are not being the next online victim.
Table of Contents
Online Fraud: UPI Fraud, KYC Fraud,AnyDesk
A woman in Bengaluru lost her entire savings in her bank after she dialled a fake Zomato Call Centre number that she found on Google search. She wanted to seek a refund for her order. As she were struggling to find a customer care number on the Zomato app, she googled it and dialled a number from the search results. She was told the refund amount could be transferred immediately via Google Pay and she would have to download a mobile application called Any Desk. On following the steps dictated by the voice on phone, all the money in her bank account – Rs 17,286 – got debited. These scams happen when the victim opens online banking app or UPI app on his phone to do a transaction, without knowing that someone is watching through AnyDesk. Note, AnyDesk is a legitimate app which is a remote desktop software tool, which provides a third party a complete view of the user’s screen. Scamsters just use it to their advantage. Ref: Beware: One wrong Google search can wipe out your entire bank account, Woman reportedly lost Rs 95,000 to fake ‘Swiggy Go’ helpline
There have been several such cases over the past few months where the fake customer care representatives ask for the customer bank details in the pretext of helping them or they even share the link an application in which customers are asked to download on their phones to get the refund. Websites like Zomato, Swiggy, PayTM, and even government organizations like EPFO have been the victim of such threats.
RBI issued the notice (shown below)
“Fraudsters may ask you to download AnyDesk App and share a 9-digit code which gets them access to your phone to steal money. Any Desk is capable of acquiring full access to your smartphone remotely and would let fraudsters carry out banking transactions remotely”
Fraudsters call up the victim and tell him his KYC needs to be validated, offer to help him complete the procedure online and then hack into his bank account. In July 2019, Sandeep Choubey of Indore got a call from a man who identified himself as a customer care executive from an online food-ordering company. He lost ₹2.28 lakh to the fraud. In Sep 2019, Mumbai based Dhananjay Joshi lost ₹1.6 lakh after a fraudster got him to download an app to complete his KYC details. Police are looking into the case.
How to avoid Online frauds
In order to prevent such frauds, this is what you should not do:
- Never share details such as debit card number, expiry date, registration OTPs on the call or other media. The bank never asks for such details.
- Avoid clicking on unknown links or forwarding any suspicious SMS
- Never share your UPI MPIN with anyone.
Banks and other financial institutions have been warning customers never to share their OTPs and their bank account details with anyone over the phone or via SMS. Also, bank officials never ask such details from their customers.
AnyDesk or TeamViewer QuickSupport is a screen-sharing platform. It is a very useful tool for IT professionals as it allows users to connect to different mobiles and systems remotely over the internet.
Here’s how a typical scam using AnyDesk app or TeamViewer QuickSupport takes place.
- Either some customer care executive posing to be from a bank calls the victim or the victim himself calls customer care to solve some problems.
- They ask you to download the AnyDesk or TeamViewer App
- After downloading any of the app, the fraud caller asks for the 9-digit remote desk code.
- Sharing 9-digit code allows the caller to view victim’s screen live as well as record it.
- As fraudster can see whatever the victim is doing on his device, the moment victim types the ID/password of his banking or UPI app, the fraudster simply notes it down.
- These apps continue to work in the background even when the phone is locked
- On Android phones, the AnyDesk app easily allows the fraudster to view and record the screen of the victim’s phone without his/her knowledge after allowing app permissions. On the other hand, iPhones do not allow AnyDesk to cast iOS to PC.
This 5 minute video shows how AppDesk works.
RBI Notice on UPI Frauds and AnyDesk
Online Scam: You won a Lottery but pay handling charges
Venkat, a 26-years-old private firm employee lost about Rs. 2.19 lakh by being the victim of the Online Scam. Venkat, who is a frequent user of ShopClues, was informed that he had won Mahindra XUV costing Rs. 12.49 lakh which he could claim either as cash or as a car. Venkat got a call from person who claimed to be from ShopClues and told Venkat about the purchases and order details he had made. Venkat believed him that person was calling from ShopClue. The caller then asked him to make the payment of Rs. 12,500 as a registration fee. This was then followed by TDS, GST, Income Tax, and other charges which Venkat was required to pay. There is suspicion that some of the former employees of the shopping portal have put up details of customers on the darknet. Ref: Times of India
Such lottery cases have their reach across the whole country. The fraudsters send such lucrative lottery offers via email, messages, or call on having won something big but Victims are asked to pay handling charges, custom clearance fees, etc.
Online scam: Job offer but pay for some formality
Varun S, a 24-years-old engineer in Bengaluru lost around Rs. 4.58 lakh in a job offer Scam. Varun uploaded his profile on a job site after which he started receiving multiple job offers. In July 2018, he was sent an email from what appeared to be the official email ID of a Canadian tyre firm, which claimed to have seen his profile on the site and offered him the job of a store supervisor. Varun sent his CV and promptly received his appointment letter. But he was asked to make multiple payments for various formalities — visa approval, NEFT mandate fees, international vaccination fees, health insurance and IELTS fees. In over 1 month he transferred over 4.58 lakh to the accounts provided by the company. Next, he received a call form a VISA commissioner who asked him to make the payment of Rs 1.05 lakh which Varun refused and asked for refund of his money. This was the last time when they spoke to him. Ref: 2 lose Rs 7 Lakh in job fraud that promised plum postings abroad
In Bengaluru, the number of such frauds reported has increased from 172 in nine months of 2017 to 382 in 2018 — an average of more than one event per day. Job sites such as Monster.com and Shine.com have warnings about such frauds and on ways to identify such mails. There are many ‘spoofing sites’ that can generate fake email IDs to make them appear to be from bona fide firms. Please check Monster.com Tips for Avoiding Scams
Online Scam: Paying money to Fiance met on Matrimonial Website
Paromita met Hemant through Bharatmatrimony, an online matrimony portal on December 2013. Soon after she created her profile, Hemant contacted her. Paromita checked his profile and she was impressed. He was an officer of the Indian Revenue Service (IRS) posted in Bengaluru. He came from a wealthy and educated family. His mother was a doctor while his father was an officer of the Indian Administrative Service working in the Union home ministry. Hemant called Paromita often, met and impressed her. Then Hemant told he lost his job and she helped him by giving him Rs. 35,00,000. They were planning to get married soon. Paromita was contacted by K V M Prasad, an inspector from Hyderabad when she came to know that Hemant was actually Tanmay Goswamy, married with a child, who conned eight women of Rs 1.25 crore.
There is no single estimate of the scale of online matrimonial frauds in India but it is big. More than 200 such cases, with a total loss of Rs 5 crore, have been reported in the past three years in Bengaluru, the Times of India newspaper reported in April last year. Pune City Police received 62 complaints of online matrimony frauds (cheating of a total of Rs 3.75 crore) in 2016 while 2017 has seen 54 cases in just the first six months.
“From what I have seen, seven out of 10 profiles on matrimony websites are fake,” says Puneet Bhasin, a lawyer practising in Mumbai in litigation matters involving cyber crimes.
Online Fraud: Give Debit/Credit Card details or account is frozen
There are thousands of Debit/Credit Card frauds reported every month in India. In such cases, the fraudsters contact the potential customer and tell him/her that they had opened their accounts in a given bank. However, due to certain issues, they are freezing their accounts. If they want to restore that then they can share their card details so that they can fix the issue remotely without any necessity for the customers to travel to their requisite bank branches.
Once the customer gives the debit/credit card details and the OTP, the transactions are made. And when you call these people back, the number is unreachable.
In SIM Swap the original SIM is cloned, and the duplicate is misused to get access to the victim’s mobile phone and, thereby, to the victim’s online bank account from where funds are transferred to the fraudster’s account
- Typically, the fraudster calls you and poses as your service provider and offers some fake upgrades or information related to services. To make you eligible for these upgrades, the fraudsters ask you to confirm a few important details.
- You then get an SMS or email with some kind of Trojan or malware, which can easily access your basic bank details, among other information.
- Once the fraudsters have your data, they approach your service provider, posing as you, along with some fake documents, and fills in the SIM swap request.
- On verification of the fake papers, the company deactivates the old SIM, and issues the new SIM to the fraudster.
- The new SIM is activated within a few hours. In the meantime, your SIM will show no signal or network. Since the deactivation usually happens at night, you wouldn’t be alerted to your mobile phone having no network.
- Once the SIM is swapped and the fraudster is in possession of the new SIM card, the fraudster will have access to the victim’s phone number and will be able to operate his bank account etc. Since the victim will be unable to use the mobile services during the period, he will not be able to receive alerts or OTPs from banks or credit card companies
Income tax refund fraud
The income tax refund fraud usually takes place by either SMS or emails. Here the recipients’ are sent the message that their income tax return of a certain amount has been approved by the IT department. This message is followed by a bank account number. A link of click here is also given where the users are asked to click if their requisite bank details are incorrect.
As the users click the link, they are redirected to a phishing site that looks similar to the site of the Income Tax Department. The victims are then asked to enter the login credentials. Once they login to their account, they are asked to update their bank details.
As now the fraudsters have the correct login credentials of the users, they update the email and phone number so that the victims are unaware of what is happening in the backend. As now the messages have stopped reaching the victims they can easily lay down their operation of duping the customers. The amount from the victim account starts debiting and their entire bank balance is wiped off.
Abhishek Mishra, a 24-years-old manager in a staffing company in Delhi placed an ad on OLX to sell off his AC. As he posted the ad, he started receiving the phone calls asking him his AC. In one such call, the buyer agreed to purchase his AC and told Abhishek that he will pay the money now and in the evening his son will go to his house to collect the AC.
Abhishek showed no problem in that and agreed to complete the transaction online. The buyer asked Abhishek to send his UPI ID in the UPI app. As he shared his UPI ID, a certain amount from his bank account was debited. When he asked the buyer about this, he said that it was a mistake. He tried it again and again. By the third attempt, he had lost over Rs. 50000 in the transaction. He realized that what he shared was not his UPI ID but was his UPI PIN and he was authorizing the transaction again and again. The buyer refused to refund his money. Such cases are at the peak as the UPI transactions are getting popular among the customers.
OnLine Scam: A furniture sale went wrong
A customer contacted a furniture seller and asked him to place his order for a piece of furniture (worth Rs. 10000). The buyer told that he will pay Rs. 4000 online and the rest Rs. 6000 can be settled in cash. The furniture seller had no objection in the deal.
The buyer then sent a QR code to the furniture seller and asked him to scan the QR code and enter his PIN to complete the transaction. The seller scanned the code and as he did that Rs. 5 was debited from his account. The buyer responded to this by saying that it was a mistake and he will send the code again.
When he sent the code again, the same thing happened. Rs. 5 was debited from the account of the seller. The buyer then apologized for the mistake and refunded the amount back to the seller. Again, he asked to try it one more time. The seller trusted him as he had refunded his money back. This time, Rs. 4000 was debited from his account and the buyer refused to refund it and he even challenged him to do whatever he could. The person is still active with the same number and it is expected that others have also been the victim of the same.
Blackmailing and Cyberbullying
Numerous complaints related to Blackmailing and Cyberbullying has been registered in India. In such cases, usually, the fraudsters create a fake profile of them on social media. They use that profile to hunt the potential targets by making them fall in love with them. When this turns into a relationship, they then ask to share their private photos and videos. Once the person shares their private pictures and videos, these are then used by the fraudsters to blackmail the victims. The victims are then asked to pay them the money or else their images and videos would be shared on social media or porn sites.
In one such case, Shweta Dixit, a resident of Noida went to Karol Bagh, Delhi to get the screen of her phone repaired. The owner of the repair shop asked her to share her screen lock details so that he can check whether the screen is working or not. She shared the details of the screen lock with the owner and within 3 hours she got her phone repaired.
After a few days, Shweta started receiving messages showing her private pictures and videos. It appeared that all her private data from her mobile phone was leaked to someone. The person who sent her the messages demanded money from her. She then filed a complaint with the police. The police then went to that repair shop, seized the electronic data, and sent it to the forensic department. The police said that she is one of the 350 women who had been the victim of such online threats in the past 6 months. They are still investigating the case.
How to report Cybercrime?
Steps to report Cyber Crime
- File a cyber crime complaint is to register a written complaint with the cyber crime cell of the city are currently in. Provide your name, contact details, and address for mailing. You need to address the written complaint to the Head of the Cyber Crime Cell of the city where you are filing the cyber crime complaint.
- If you do not have access to any of the cyber cells in India, you can file a First Information Report (FIR) at the local police station. In case your complaint is not accepted there, you can approach the Commissioner or the city’s Judicial Magistrate.
- In case you are a victim of online harassment, a legal counsel can be approached to assist you with reporting it to the police station. Additionally, you may be asked to provide certain documents with the complaint. This would, however, depend on the nature of the crime.
If you have been the victim of Cybercrime in India then there are various authorities with whom you can register your complaints. These include:
- National Critical Information Infrastructure Protection Centre (NCIIPC)
- Departments in organizations
- Economic Offence Wing (EOW)
- Serious Fraud Investigation Office (SFIO)
- Central Bureau of Investigation (CBI)
- National Association of Software and Services Companies (NASSCOM)
- Ministry of Electronics and Information Technology (MeitY)
- Cybercrime cells
- Corporates & Organizations (Quick Heal)
- National Crime Records Bureau (NCRB)
These are just a few instances. Numerous such cases take place on a day-to-day basis. Many of such cases are untold and hidden. We believe that there is a need to make our people aware of the protection of their information and the steps that they can follow if they have been the victim of such Online Scams.