This Is How Bank Of Baroda Mobile App Was Exploited By Fraudsters To Steal Money From Customers

Mumbai Police has recently rectified a major loophole through which crores of rupees have been siphoned off from the mobile banking application of Bank of Baroda (BoB), through which cyber criminals attacked accounts across India.

It was while interrogating an accused, Gunilal Bindeshwari Mandal, that the police learnt about the technical loophole. Mandal, who was making phishing calls and was arrested from Bihar within 24 hours of FIR registered at DB Marg police station on November 2.

Method Of Operation:-

Police Officer said that “The con men had installed the ‘BoB MConnect+’ app on their smartphones where they would randomly type a mobile number, and if it was registered with BoB, the application would generate a One Time Password (OTP). The OTP was a clear indication for the cyber criminals to target the mobile number”.

The gang would work in the night to segregate mobile numbers to approach the bank account holders the next day. Just before calling his target, Mandal would again type the mobile number in the app, and when the OTP was generated, he would call the mobile number immediately.

Officer said that “In a bid to win trust, Mandal would tell his target that he was calling from BoB and did not need an OTP or the CVV number written on the back side of plastic money, etc.”

Officer added that “During the conversation, Mandal would tell the target that his e-KYC needs to be updated and the details of his banking transactions are on his computer screen. He would ask the target to punch the OTP number in the application after which a four-digit M-PIN is generated. Here, too, Mandal would not ask the M-PIN from his target, instead he would give a random four-digit number and ask him to add the same to the M-PIN and then give that number to him. To get the M-PIN, then Mandal would then subtract the four-digit number which he had given to his target to add to the M-PIN. Once the M-PIN was typed on the mobile banking application, he would siphon off money from the account”.

Put An End To Phishing Cases

“Every day, we at DB Marg police station, used to get at least two phishing cases related to BoB. But now it has stopped as we apprised BoB officials about the loophole. Their IT cell team visited our police station and rectified the issue. Now there is no phishing case related to BoB”, said the officer.

Bank of Baroda in its statement to mid-day said, “Bank of Baroda’s Mobile Banking Application is highly secured with zero reported incidents of unauthorised access. Customers are falling prey to social engineering attacks of tricksters/fraudsters and sharing personal credentials like PIN, OTP, Passwords, Debit Card details etc., which are essential banking details to perform a transaction. Our bank is continuously running campaigns to create awareness among the customers about these social engineering attacks and not to share their personal banking details with anyone.”

Inspector (crime) Raja Bidkar told mid-day, “Mandal was trained by a man from Kolkata who is yet to be arrested. We are trying to find how they came to know about the loophole in the banking application. Our team including sub-inspectors Pradeep Patil and Rakesh Shinde and constable Suraj Dhaygude arrested Mandal.