(See: Should India's Banks Drop User-Based OTPs?) Because the attackers already have access to the phone, they can see one-time passwords for the banking app. The attackers then ask customers to download the mobile banking app. Once the app is downloaded, it generates a nine digit number, which, when shared with attackers, gives them control and access to the phone.
The fraudster then asks these customers to install the AnyDesk app. For instance, fraudsters, using a vishing approach, pose as bank employees and call customers saying there is a problem with their bank balance or bank account. The RBI's notification describes how the fraud scheme that leverages AnyDesk works.įirst, fraudsters lure victims on some pretext to download AnyDesk app from Playstore. Prompt reporting of incidents to RBI will enable timely issuance of advisories which would eventually enhance the resilience of Indian banking landscape to such frauds," he says. "Periodic and effective customer awareness programs and multilingual communique will go a long way in mitigating such frauds. "As digital banking technologies gain more acceptance, there is a corresponding increase in the risk of sensitive information being socially engineered off unsuspecting customers," says Nandkumar Sarvade, CEO at ReBIT. ReBIT, the IT and security arm of the Reserve Bank of India, in its latest monthly newsletter has highlighted the growing menace of vishing, phishing, card-cloning, e-wallet fraud, financial swindling via social sites. Those attacks begin with vishing.įraudsters are using the AnyDesk app to carry out fraudulent transactions through any mobile banking app or payment-related apps, including UPI or wallets. The National Payments Corporation of India, an umbrella organization for all retail payments in India, too confirmed this and said a few cases have of AnyDesk fraud have been reported so far. It is a clear case of users being duped by fraudsters through vishing attacks," says Prakash Kumar Ranjan, who was previously with Canara Bank as a security researcher. "The problem is not on the application side. There have been reports of customers losing lakhs of rupees from their bank accounts through the UPI app, some security experts say. The cautionary notice was issued in the wake of a rising number of fraudulent transactions using the Unified Payments Interface real-time payment system platform. ISMG obtained a copy of the circular from a banker who received it. RBI's cybersecurity and IT examination cell issued the warning in a confidential circular to banks.
See Also: Live Webinar | New Phishing Benchmarks Unlocked: Is Your Organization Ahead of the Curve in 2023 The Reserve Bank of India has warned banks that fraudsters are using the "AnyDesk" remote access application to pave the way to potentially wiping out a customer's bank account.
0 kommentar(er)
