KYC Scam Hits Hard: Ex Indian Air Force Officer Loses Life’s Savings After Fraudster Asked To Download App

As per the news, a Noida-based former Indian Air Force officer Nilachala Mohapatra lost all his retirement savings to a KYC data con.

How Did This Happen?

56-year-old Mohapatra was conned in the disguise of KYC verification of his mobile digital wallet, on November 11.

 The fraudster was posing as an employee of an e-wallet company called Mohapatra and asked him to download an app for verification of the KYC form.

Mohapatra said “He made me download an app and asked me to transfer an amount Rs 5 to an account, which would have been refunded. While Rs 5 was immediately refunded, the criminals withdrew Rs 7.33 lakh from my bank account,”.

He added “How come they (bank) allowed a transaction for such a huge amount without letting me know? Both my accounts were linked with my digital wallet and still, the criminals were able to hack into both,”. 

In another case, the general manager of a major shopping mall in Gurugram lost Rs 1.85 lakh. 

What Happens Next?

After that, an FIR was registered against unknown persons under the IT Act. 

According to Preet Pal Singh, ACP Crime, Gurugram Police”Cyber cell officials are trying to locate the IP address of the accused,”.

Cyber experts see a, a clear pattern is now emerging behind these criminal acts.

Cybercriminals are using KYC compliance as a tool to cheat people, Since the Reserve Bank of India made KYC compliance mandatory for users of banks, digital wallets and financial institutions.

How Does This Work?

People prefer shortcuts over the old and tedious documentation process, like downloading apps and feeding information into these. 

But has now turned into vulnerability as when people agree to update KYC details through the app, the perpetrators send them a link over a text message. 

In the next steps, the caller is asked to download an app. After downloading the app and installment completion, the conmen get access to the person’s screen through a remote desktop software tool. 

After that, the caller asks the victim to perform a transaction to check if the account is functional. But the real motive is to use the OTP message to fraudulently withdraw money. 

What Does The Cyber Experts Say?

As per the experts, cybercriminals are on the lookout for newer ways to defraud gullible victims. 

Most of these fraudsters use screen-sharing apps according to Anyeesh Roy, the Deputy Commissioner of Delhi Police Cyber Crime Cell.

He said “Conmen also target customers who use online banking services. To know the password, apps that can monitor one time passwords (OTPs) sent through text messages on mobile phones are employed,”. 

According to Cyber expert Jiten Jain, hackers use these apps to control mobiles and computers connected with the Web.

Jain added “These are also known as controlling apps and whoever downloads them should be aware of their features. Many ignorant people download them and end up compromising their financial data with others,”.

How Prevention Is The Only Way Here?

The cybersecurity expert, Kislay Chaudhary said that awareness is the only way to keep such offenses under check. (Reference)

He said “There are many team-viewer apps available in app stores. They are legal and can be easily downloaded. Once the details have been shared with criminals, they can access all the data that is inside your phone. People should be aware of such technology. KYC verification must be done physically by taking fingerprints to connect with the Aadhaar card. People must be aware that financial institutes or banks don’t insist upon users to download anything for verification,”.