KYC bait: Kerala teacher shares OTP thrice with cybercriminals, loses Rs 1.22 lakh

Inspector Anoob Kumar said victims of cyber financial frauds should immediately call 1930, the toll-free helpline run by the Ministry of Home Affairs with the transaction number.
Illus: Express
Illus: Express

KANHANGAD: A teacher lost around Rs 1.22 lakh from her bank account after she shared her bank details, including the one-time password (OTP), with cybercriminals who posed as customer care executives.

The fraudsters have phished the money from State Bank of India's Nileshwar branch in Kasaragod district and transferred it to an ICICI Bank in Kolkata, said Kasaragod Cyber Crime inspector Anoob Kumar E.

The fraud was elaborate, spanning several days, and the fraudsters sounded convincing for the teacher to share her OTP, not once but at least thrice with them, said the officer.

According to the FIR registered with the Cyber Crime Police Station, in the first week of May, the teacher got an SMS purportedly from the State Bank of India asking her to update her KYC (Know Your Customer) documents, failing which her bank account will be closed. The SMS mentioned a phone number and was signed off as 'Team SBI'.

The 39-year-old teacher knew about the importance of KYC verification and called the phone number given in the SMS.

The teacher made the call to the 'customer care number' on May 4, and the 'executive' took down her details. The FIR said she shared her bank account number, the IFSC of the branch, her 16-digit debit card number, the card verification value (CVV), a three-digit number on the back of the debit card, and also the ATM PIN.

The fraudster kept the teacher on call and after some time asked for the OTP sent to her phone. She shared it. Later, the fraudster told her that the server was down and the KYC could not be updated and that they would call her the next day.

On May 5, the 'customer care executive' called the teacher again, and this time asked for the details again and then the OTP. After around three minutes, the executive asked for the OTP again. She shared the number both times.

After some time, she saw two SMS on her mobile phone saying Rs 99,899 and Rs 22,011 were debited from her account.

"On May 4, the fraudsters told the complainant that the server was down after taking her OTP. We believe they used the OTP to add a fund transfer beneficiary to her account and stole the money the next day," said the Cyber Crime inspector.

He said the cybercriminals had used the same modus operandi to steal Rs 7 lakh from the bank accounts of a married couple in Rajapuram in November. "They shared the OTP with the fraudsters. OTP is the last line of defence against fraudsters. It should never be shared," he said.

The Cyber Crime Police have traced the money stolen from the teacher's bank account to ICICI Bank in Kolkata. "The fraudsters would have given their KYC to open the account but most probably they must have submitted fake ID and address proof," he said. But their photograph will be with the bank.

The Reserve Bank of India, the banking regulator, has made it mandatory for every customer to share their latest photograph, identity card, and address proof with their bank to prevent financial fraud. The cybercriminals exploit this rule as bait to get their victims, said inspector Anoob Kumar.

A case has been registered under Section 420 of the IPC for cheating and Section 66D of the IT Act for cheating and impersonation using communication devices.

Inspector Anoob Kumar said victims of cyber financial frauds should immediately call 1930, the toll-free helpline run by the Ministry of Home Affairs with the transaction number.

"They can freeze the account of the beneficiary and retrieve the money. Once the money is withdrawn from the beneficiary account, it will take longer to get the money back," he said.

Related Stories

No stories found.

The New Indian Express