In today’s digital landscape, cybercriminals are continually devising sophisticated methods to exploit unsuspecting individuals. A concerning trend has emerged where fraudsters bypass traditional security measures, such as One-Time Passwords (OTPs), to access bank accounts and steal funds. Understanding these tactics is crucial for safeguarding your financial assets.
The Call Merging Scam
One prevalent method involves the use of call merging:
- Initiation: The scammer contacts the victim, posing as a friend or acquaintance, and requests to merge the call with another individual.
- Deception: Unaware of the deceit, the victim agrees, inadvertently connecting to a legitimate OTP verification call from their bank.
- Exploitation: The fraudster times the interaction so that when the OTP is received, the victim, believing it pertains to the ongoing conversation, shares it. The scammer then uses this OTP to authorize unauthorized transactions.
The National Payments Corporation of India (NPCI) has issued warnings about such scams, emphasizing the need for vigilance when merging calls or sharing OTPs.
Phishing Links and Fake Messages
Another tactic involves sending messages that appear to be from reputable banks:
- Deceptive Messages: Victims receive messages resembling official bank communications, containing links that, when clicked, compromise their accounts.
- Immediate Impact: Clicking these links can result in unauthorized withdrawals without the need for OTPs.
Reports have highlighted incidents where individuals lost significant sums after interacting with such fraudulent messages.
Advanced Techniques: Exploiting Aadhaar and AEPS
Cybercriminals are also exploiting systems like the Aadhaar Enabled Payment System (AEPS):
- Data Breach: Fraudsters illegally obtain Aadhaar details and clone fingerprints.
- Unauthorized Withdrawals: Using AEPS, they withdraw money without requiring OTPs or ATM PINs.
Such methods have been reported, where criminals siphoned funds by manipulating Aadhaar-related vulnerabilities.
Protective Measures
To defend against these scams:
- Verify Caller Identities: Always confirm the identity of callers requesting sensitive information or call merges.
- Avoid Clicking Suspicious Links: Refrain from interacting with unsolicited messages or emails from unknown sources.
- Safeguard Personal Information: Keep sensitive data, especially Aadhaar and banking details, confidential.
- Monitor Account Activity: Regularly review bank statements and immediately report unauthorized transactions.
- Use Official Channels: Access bank websites and services directly rather than through links provided in messages.
