BENGALURU: As technology advances, fraudsters are employing new techniques to swindle people. We all think that without One Time Passwords (OTPs), money cannot be transferred, but now cyber fraudsters can take the money away from your account without an OTP too.
This is how the scam works. You are sent a message that looks to have bee forwarded from a bank. Once you click the link, the money is stolen from your account without an OTP. Over Rs 40 lakh has been stolen from Bengaluru Rural district alone using this technique.
Cybercriminals are also employing more-sophisticated Remote Access Trojans (RAT) and Android Application Package (APK) software to scam people. A senior officer said RATs and APKs are software that allow cybercriminals to remotely control a person’s device, without their knowledge.
An officer explained that fraudsters create fake apps using logos of nationalised or private banks whose security would have been breached. Fraudsters send these app links via WhatsApp or text messages, and once the application is installed on the phone, fraudsters can easily steal the money.
This is a more advanced form of phishing, enabling fraudsters to bypass conventional security measures and gain unauthorised access to sensitive information. Earlier, these methods were used to steal money in bulk from big companies, he added.
An officer investigating a case said that a 35-year-old IT employee, Anusha (name changed), lost Rs 20 lakh. She had received a link on WhatsApp that appeared to be from her bank. The message suggested she install the app to get updates from the bank. “As soon as she opened the link, the phone came under the control of fraudsters. After similar cases were reported from different parts of the state and the police alerted bank officials, the bank took preventive security measures, and now such cases have reduced,” the official explained.
A cyber expert, Suresh, said the only way to escape from such frauds is not to click on links in text or WhatsApp messages. Banks send transaction alerts only to the text message inbox and advise turning off mobile data to prevent applications from downloading.
On May 21, the Hassan sub-division DySP reportedly lost Rs 15.98 lakh after installing an application of a nationalised bank that was forwarded him through a text message. The link had an APK or RAT file. An investigation officer from Hassan said that soon after the money was stolen, it was transferred to multiple mule accounts. It was found that the accused had used 900 SIMs with the same IMEI number.