In the financial world, veterans keep warning people to stay away from anything they do not fully understand. Unfortunately, in cyberspace, there is no such warning; generally, people tend to ignore such cautions and lose money. No wonder fraudsters are busy fooling and defrauding people. This week, I am sharing two methods used by fraudsters to loot your hard-earned money. One is the payment link scam, which is not new but keeps appearing here and there. The second is auto-installing mobile malware delivered through links, together with SMS forwarding apps, which is also part of the modus operandi fraudsters are using.
In both scams, fraudsters make contact pretending to be someone else, like a bank official or a customer-care executive from a service provider. They may make contact by text message, social media, or phone call. Typically, these fraudsters ask the victim to confirm details by opening an internet link or responding with personal information.
Payment Link Scam
Television actor Aman Sandhu, who has worked in popular television serials like Crime Patrol and Savdhaan India, lost money in a payment link fraud.
The transactions took place soon after she clicked on a WhatsApp link that she thought was a link to get a doctor's appointment for her mother on 6 July 2022. The actor had linked her bank accounts to the WhatsApp payment feature.
Goregaon police told the newspaper that the actor lost the money within 20 minutes after she received and clicked the link.
According to the study 'Tackling India's Financial Cyber Crimes' by Deepstrat and The Dialogue, the pay-via-links feature is typically provided by payment gateways, which allow display names to be changed, along with logos. “This allows a fraudster to generate a payment link on the name of a well-known entity, even though the destination bank account number would be the one that they control.”
Scammers Using Links and SMS Forwarding Apps To Con Bank Customers
Cyber-security firm CloudSEK has spotted a new phishing campaign that is targeting banking consumers in India via SMS forwarding apps and a link to register grievances. The phishing site collects the victim's banking credentials and personally identifiable information (PII), after which an Android SMS forwarding malware is downloaded to their device.
CloudSEK found several simple online complaint portals with domains like online-complaint.com or customer-complaint.com, targeting Indian banking customers. There are multiple domains, like accountsecureverify.com (online-complaint.accountsecureverify.com) and secureaccounts.in, which use the same modus operandi and have identical templates.
Pretending to be an executive from the bank, the fraudster contacts the customer and shares a link to the fake complaint portal. The 'bank executive' also asks the customer to enter their complaint type along with other sensitive banking information such as card number, CVV number, and expiry date to get a 'refund' on the 'failed transaction'.
While the customer is filling out the details, a malicious customer support application, Customer_Sopport_Srvice.apk, gets downloaded to the victim's device. This malicious app sends all incoming SMS to its command and control (C2) portal, online-complaint.com.
The malware helps the fraudsters gain other sensitive information, like one-time passcodes (OTP) or two-factor authentication (2FA) verification codes, via SMS forwarding.
Once these fraudsters have all the information about your bank account or card details and access to your SMS, they can easily siphon money from your account.
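For a help desk or mail/SMS gateway that wants to screen messages against this campaign, the sketch below is an added example (not code from CloudSEK or from this article). It matches links against the domains and the APK file name quoted above, using label-aligned suffix matching so that subdomains are caught and lookalike strings are not. The function names and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the article above; nothing else is assumed.
CAMPAIGN_DOMAINS = {
    "online-complaint.com",
    "customer-complaint.com",
    "accountsecureverify.com",
    "secureaccounts.in",
}
CAMPAIGN_APK = "customer_sopport_srvice.apk"  # file name as spelled in the article

# Links with or without a scheme, as they appear in SMS/WhatsApp text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def parse(url):
    """Return (hostname, path), both lower-cased; tolerate a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip(".").lower(), parts.path.lower()

def matches_campaign(host):
    """True for a listed domain or any subdomain of it, never a mere substring."""
    return any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

def triage(message):
    """Return sorted (kind, host) findings for one message body."""
    findings = set()
    for match in URL_RE.finditer(message):
        host, path = parse(match.group(0).rstrip(".,)"))
        if matches_campaign(host):
            findings.add(("domain", host))
        if path.endswith("/" + CAMPAIGN_APK):
            findings.add(("apk", host))  # file-name match only: a weak signal
    return sorted(findings)

# Constructed sample messages, not real traffic.
SAMPLES = [
    "Register your refund complaint at https://online-complaint.accountsecureverify.com/form today",
    "Install support app: http://files.example.net/Customer_Sopport_Srvice.apk",
    "Visit notsecureaccounts.in or online-complaint.com.example.org for offers",
    "Verify at secureaccounts.in/login.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text), "<-", text)
```

Domain lists like this go stale quickly, so a match is a reason to block and investigate, while the absence of a match says nothing about whether a link is safe.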
How Being Alert Saves Money
In a post, Tejas Balapalli shared how fraudsters tried to dupe him while he was trying to book flight tickets to Varanasi from via.com. After facing an issue while booking, he posted a message on Twitter. Soon, he received a phone call. The caller told him he was calling from HDFC and they handle transactions of via.com. During the discussion, he was asked to send a readymade SMS for HDFC UPI and provide his card details from a surveymonkey link. However, alerted by these instructions, he reduced the credit limit on his card to just Re1 above the amount he had already spent.
The fraudster then asked him to download and install an SMS forwarding app, which he did and added the fraudster's number to receive all his SMS. Immediately after that, the fraudster initiated a transaction of Rs24,774.96 from his card. However, since Tejas had placed a limit on his card payments, the transaction failed.
Being alert and playing smart, Tejas avoided being fooled by the fraudsters through the payment link and SMS forwarding app scam.
Fake or Modified WhatsApp
Will Cathcart, head of WhatsApp, has asked users not to use modified or fake WhatsApp that is available on the internet under various names. He says, "Recently, our security team discovered hidden malware within apps—offered outside of Google Play - from a developer called 'HeyMods' that included 'Hey WhatsApp' and others. These apps promised new features but were just a scam to steal personal information stored on people's phones."
"Mobile phone malware is a pernicious threat that must be countered and the security community continues to develop new ways to prevent it from spreading," he added.
In short, never open any link you receive from an unknown person or entity, and never share your financial details. Also, never search for contact numbers or customer care numbers on the internet, especially those of bank and credit card companies.
Stay Alert, Stay Safe!
If you have any grievance against a bank or a card company, it is better to visit their official website, find the customer care numbers there, and then contact them only on that number or email.
Do not respond to an unknown caller's request to visit any portal or to open any link this person sends by message (SMS/email).
Do NOT download any app as suggested by the caller.
Always remember that your bank and credit card company have all your personal details. This means they would NEVER ask you to share these details via phone or email or submit them online.
Use a good quality anti-virus (several free apps provide good protection) to protect you from viruses, malware, ransomware and remote access.