NEW DELHI: Delhi Police has busted a nexus of cyber cons, who were involved in siphoning off huge amounts from the Permanent Retirement Account Numbers (PRAN), of the 65 employees of the Border Security Force (BSF) and arrested a 33-year-old BSF Constable who had been sacked four years back.
The accused Constable, identified as Ghanshyam Yadav, was apprehended from Prayagraj (Uttar Pradesh) where he was living under a fake identity of a UP Police Constable. The accused even had a UP police sticker on his car, a cap, and a police uniform.
Sharing details of the high-end cyber crime, DCP (Intelligence Fusion & Strategic Operations) Prashant Gautam said a complaint was received from the National Pension Scheme Section, PAD BSF where it was alleged that Rs 70 lakh (approx.) had been fraudulently siphoned off from PRAN through 89 fraudulent transactions of 65 employees of BSF through online facility of Partial Withdrawal of accumulated funds by self-declaration or authentication under National Pension Scheme during Covid period.
For readers to understand, the Special online OTP-based mechanism was allowed to be used for partial withdrawal i.e. 25 per cent of self-contribution of accumulated funds in PRAN under NPS through self-declaration or authentication during Covid considering the hardship being faced in offline requests.
Double authentication used to be done by sending OTPs on the subscriber’s mobile number and email associated with his PRAN to ensure the genuine withdrawal by the subscriber during Covid to avoid physical verification through the Drawing & Disbursal Officer (DDO) of the unit.
Every PRAN is associated with the subscriber’s mobile number, email ID, and Bank account number in addition to other particulars of subscribers. Particulars of subscribers can be changed in a database maintained by NSDL through DDO only on specific and verified requests of subscribers. Whenever any change in any particulars of the subscriber is affected, an alert message is sent to the subscriber’s mobile and email ID which is already linked to the account.
“The accused was posted as a constable in BSF in 122nd Bn. in Malda, West Bengal in May 2019 when he was dismissed from services. During the same period, he got the login credentials of DDO of 122nd Bn. of BSF during his visit to the accounts branch of the unit,” the DCP said.
The official said that the accused got unauthorized access to the NPS portal through stolen credentials of DDO of 122nd Bn BSF and got himself familiar with all features and functions of the NPS portal. “He learned about the vulnerability in NPS online system in getting access to DDO account through a change in security questions and exploited the same to get unauthorized access in five more DDO’s accounts of BSF,” said the official.
Having access to the database of PRANs of all personnel of respective Battalion with the privilege to change particulars of PRAN subscribers, the accused Ghanshyam allegedly targeted the subscribers in whose account email ID and mobile number were not found to be associated with their PRAN otherwise they might have got alert if any change would have effected in their details.
“Ghanshyam filled in his mobile number, email ID either, and bank account number in targeted PRANs. Thereafter, initiated process online for partial withdrawal from the accumulated funds through verification of OTP sent on the mobile number and email ID which were in control of accused,” the official said.