Mobile applications legitimately used to share screens for technical support or transfer data are being used by fraudsters to access phones of their targets and carry out transactions on their behalf without waiting for them to share OTPs, police have found.
The apps, used by people across the world, can be downloaded on android and iOS phones.
The number of people losing money from their bank accounts without sharing OTPs to validate any transaction is increasing in the city, the police said.
Officers said several red flags had emerged during their conversation with the victims of such fraud.
Apps to share phone screen
The police said the fraudsters were asking their intended victims to download some mobile apps, telling them that their SIM cards would be deactivated soon if they did not do so.
Once the application is downloaded, the victims are asked to share a “code” that is generated on their screen.
“In the majority of the complaints we have received, the victims have shared this code thinking it was safe as long as they were not sharing any OTP to validate any financial transaction. The code allows the fraudsters to have remote access to the victim’s phone. They can then make transactions on behalf of the victims without waiting for the victims to share any OTP as they can see the screen and as well as the OTP that has been generated,” said an officer of the anti-bank fraud section of Lalbazar.
Fraudulent numbers look like genuine “customer care numbers”
Cyber experts said it was easy to manipulate data in mobile apps that collect a database of phone numbers of people who download them on their phone.
“For example, there is a popular app that people use to check the details of an unknown caller. This app will show my details as saved by my contacts on their phones. If a fraudster saves a particular number as ‘customer care number’ in his or her phone and syncs the data with the internet, there is every possibility that when another person dials that number, this app will show it as the ‘customer care number’,” said a senior police officer attached to the cyber wing.
One of the victims — Nandini Banerjee, a doctor — had mistaken the fraudster’s mobile number as the customer care number in a similar way when she tried to check its authenticity through this mobile app. She lost more than Rs 3 lakh in the next few minutes.
Banerjee has lodged a complaint with Garfa police station.
Easy to convince to pay only Rs 10
Fraudsters are asking their targets to make a transaction of only Rs 10 — something people are ready to risk. The police said that once fraudsters accessed the victim’s phone, they could see the victim type his or her Net banking details while making the online transaction of Rs 10.
“The victim thinks that even if he or she is being cheated, Rs 10 is too small an amount to bother about. But the fraudsters note the banking details and use them to make transactions,” explained an officer.
Asking target to make transaction
The police said fraudsters would ask their targets to make a transaction of Rs 10 only through an app that was already on the victim’s phone.
“When they told me to pay Rs 10 through my mobile service provider app which I had been using for years, I thought it could not harm me in any way,” Banerjee said.
On January 31, Metro had reported how at least two Calcuttans had been duped of their money purportedly without sharing any OTP to validate any transaction.
The police said there were cases where fraudsters changed the registered mobile number.
So the OTP was generated on a new number and the victim had no inkling of the money being transferred out of his or her account.