Blog Overview Chronicles Sharing of OTP is where fraud end. But where do they begin?

Sharing of OTP is where fraud end. But where do they begin?

Sharing of OTP is where fraud end. But where do they begin?

We have been gathering insights based on our research on instances of fraud in the recent past. And the more stories we hear, the more we realise about the countless different ways of getting defrauded. However, there is one thread that connects most of the stories we came across.

Share Now

Kaspersky has predicted that cyber fraud in India will increase going into 2021 owing to more users connecting to the internet and adopting digital payment modes.

This hardly comes as a surprise after seeing the sheer number of UPI and other consumer frauds we did in the last one year.

An elderly man loses money to online fraud

An elderly person from Pune wanted to transfer money. He was not able to do it and the UPI application he was using showed a ‘server down’ message (we’ve all been here at some point).

As he was not able to transfer the money, he thought of calling the helpline number of the UPI app he found on Google.

The person who picked up the call sent him an SMS and asked to click on the link to download an app. After downloading it, the victim was asked to share a code that was generated on the app. As soon as he shared the code, a hefty sum was deducted from his account in 15 transactions. All in a matter of minutes.

The victim was made to download a remote screen sharing app called ‘AnyDesk’.

Here’s another similar story we found online

A man in Uri wanted a refund for the cancellation of his air ticket and contacted the customer care number of his airline service provider he found online. He immediately received a callback and was told that the refund amount could be transferred immediately via Google Pay.

All he had to do was download a mobile application called ‘AnyDesk’ on his cell phone.

On following directions on the phone, all the money in his bank account got debited in a few transactions. This too, in a matter of minutes.

The common link in the two stories above seems fairly clear.

And if you’re thinking downloading AnyDesk was what led to them getting defrauded, you’re not seeing the entire picture.

Yes, one might say that clicking on a link and downloading a third-party app is never advisable, but that is something that just enabled the fraudsters to carry the fraud out. The real damage was done when victims called on the customer service numbers they found online.

That is the incidence point of most frauds we come across today and that is where the real game is being played.

Many unsuspecting customers end up looking for customer care numbers on Google rather than opening a service provider’s website or app and calling from there.

Whether it is a UPI fraud or a KYC-related fraud, one way to tighten the screws around the security of our digital payments infrastructure could be to stop calls from such fake numbers coming through altogether.


Are you a financial institution looking to protect your customers from such cyber fraud? Come talk to us at IDfy


Share Now