Gullible bank customers are getting fooled by callers who scare or lure them. Never share your personal or financial details with anyone.
First it was e-mails of alleged lotteries, now cyber criminals have found a new way to dupe bank customers.
From online, they have graduated to phone calls, where they convince credit and debit cardholders to pass on their details, and then steal from their accounts.
The trick, called 'vishing', is currently the most widespread fraud among cyber crimes, according to information technology and cyber security experts.
Its victims include Karnataka director-general of police Om Prakash and Maharashtra Chief Minister Devendra Fadnavis' personal assistant, Vivek Bimanwar. The favourite target is usually unsuspecting senior citizens.
It involves calling targets after gathering detailed information about them and their financial accounts.
The person on the line pretends to be an executive of a bank. One hook is luring targets by offering gifts or money in return for reward points.
Senior citizens are convinced by telling them there's a security issue or the bank needs to verify their credentials to keep the account active. In their naivety, the target reveals all details and share the one-time password (OTP) sent on the phone.
A K Dasgupta, 82, is one such victim. The caller scared Dasgupta, saying his account was blocked as his credentials were not verified.
The caller asked for debit card details and an OTP to unblock the account. As soon as the information was exchanged, there was a Rs 15,000 transaction made.
The same person called him the next day, saying there was some problem with the servers and his account was debited by mistake. The bank now wanted to reverse the transaction.
Unsuspecting, Dasgupta again shared his details and lost another Rs 8,000. "They were too professional and the call seemed to be from the actual bank," says Dasgupta.
Money stolen from the account is used for expensive purchases on the internet.
Typically, these are transferred to a mobile wallet. Then, the purchases are made on multiple online shopping websites.
The problem is that these cannot be traced to the criminals.
Shomiron Das Gupta, a cyber security expert, who trains and helps Mumbai Police in solving cyber crimes, says these fraudsters use 'money mules'.
These are people who serve as intermediaries for criminals and are usually not aware of it. They help in return for a commission.
"Police gets stuck because of the banking problem. The money from accounts is moved swiftly in a few minutes after the crime, sometimes even to international banks, making it difficult to follow the trail," says R Venkatraman, former head of business consulting at KPMG Consulting and author of a book, Fraudster.
The accounts such criminals also make use cloned SIM cards, he adds.
According to experts, these criminals run full-fledged call centre operations in distant suburbs of Mumbai, Delhi and Chennai.
When the police raid such offices, they find the employees thought the operations were run on behalf of banks, not for fraudulent activities.
In many cases, the police couldn't trace the real owners. In some cases, the owner thought he was dealing with the actual bank.
A target's information can be sourced from many places. Experts say these are typically gathered through courier companies, visitors' diaries kept at the reception of many offices, and also by first calling the target, pretending to be a marketing executive.
"Even open Facebook profiles and Twitter accounts can help these criminals with information about a person," says Das Gupta.
A Bengaluru-based techie, Pawan Kumar, had complained about his credit card company on an online forum.
His issuer had promised to reverse the annual fee but it didn't. In his post, he included the mobile and credit card number.
Next day onwards, he started getting calls from 'company executives'. They told him that based on his reward points, the company was reversing the fee and giving him cash of Rs 2,000.
When the caller asked for the OTP for the transaction, Kumar realised it was fraud.
Are you a victim?
If you fall prey to a cyber crime, immediately file a complaint with the police.
"Time is of essence in these matters. The more you delay, higher are the chances of the money trail getting lost. In the case of mobile numbers, the fraudsters would dispose it within a week or two," says Venkatraman.
He adds that a person should also provide as much information as possible for the police to trace back the source.
The person should provide all the numbers from which the criminal tried to contact, recordings of the phone conversation, if possible, name of the caller if you remember, and details of the SMS received after the transaction.
Also, immediately call the bank to block your cards.
All experts agree it's difficult for a victim to get the money back.
The only way to prevent falling prey to such frauds is by staying alert. Individuals need to be suspicious about all unknown callers.
Do not trust phone numbers, even if the number displayed is of your bank, as these can be changed with software.
When you receive a call, ask questions and get as many details as possible.
But, never share your personal or financial information, especially the OTP, CVV, PINs and SMS you would receive.
One method is to ask for the caller's number and say you would like to call them immediately to verify if the company is legitimate or not.
Also, avoid sharing your details on social media. Use the security options in these accounts to keep your information private.
In case you are using forums or social media to complain about a company, don't reveal your contact details.
If the company takes notice of your issue, they would have your details and either get in touch or ask to call up a responsible person in their organisation.
Reporting to police
Lodge a criminal complaint with the local police or cybercrime cell
Report phone numbers of callers
If call is recorded, give it to the officer
Include details of text messages
Specify other details such as names and answers the caller gave to your questions
'The savviest are falling prey to vishing'
Shomiron Das Gupta, Cyber security expert
It's really incredible that even the savviest individuals fall prey to vishing frauds easily.
These conmen are well-trained. The victims are usually in the middle of work and don't have the time to check with their banks.
Seniors are the easiest prey, as not many of them are tech-savvy. These criminals usually target people based in another state, reducing the chances of being tracked and arrested.
Their set-up, too, is difficult to crack. Money is used to purchase Bitcoins that cannot be tracked.
If a person gets a call and knows for sure it's a conman, he or she cannot do anything.
There's no mechanism to bring them to task before the fraud takes place. Banks don't act, either, other than sending mailers and text messages, asking people not to share their details.
Once a person becomes a victim, the money is as good as gone. The only way to prevent these frauds is by not sharing details with callers. Individuals should also use security settings on social media accounts to hide their personal details.
'Very few banks are acting on such frauds'
KMM Prasanna, Additional CP (Crime), Mumbai
When a person falls prey to cyber crime, he can go to any police station to register a first information report.
Filing it with the cyber crime cell will ensure speedy action, as officials in this division are in constant touch with banks and relevant institutions.
Today, when the world is digitally connected, criminals tend to leave some footprints and can be traced.
The victim should, therefore, provide as much information as possible.
This year, our cyber crime cell registered a total of 151 cases. Of these, vishing cases were 25.
We have a detection rate of 50 per cent. At present, only two-three banks have taken an initiative to come to us and asked to investigate such matters after their customers fell prey to frauds.
More banks need to do this. Companies also need to invest in data security, as most customer information is stolen and purchased on the internet.
Each card detail can be bought for only Rs 8. Fraudsters also steal details from malls where unsuspecting customers swipe their cards.