Mumbai: In a chilling example of the growing sophistication of cybercrime targeting elderly citizens, a 67-year-old retired banker from Mumbai’s Lalbaug area was cheated of ₹20 lakh within just 90 minutes, after fraudsters allegedly hacked his mobile phone, gained remote access to banking systems and wiped the device clean using a factory reset.
Police officials said the incident took place on December 11 between 4 pm and 5.30 pm, and involved a carefully orchestrated scam that combined social engineering, impersonation and technical exploitation.
Caller Posed as Senior Bank Officer
According to the complaint, the victim — who had retired as head credit cashier from the same bank — received a call from a man claiming to be a senior officer of the bank. The caller used precise banking terminology and personal details, which immediately built credibility.
The fraudster told the victim that his KYC was pending and that his account qualified for a special “senior citizen upgrade”, offering enhanced benefits. Believing the caller to be genuine, the victim shared certain personal details during the conversation.
Kept on Continuous Call to Prevent Verification
Investigators said the fraudster deliberately kept the victim on the phone continuously, repeatedly instructing him not to disconnect the call under any circumstances. This tactic effectively prevented the victim from:
-
Contacting family members
-
Visiting a nearby bank branch
-
Calling official customer care numbers
During this period, multiple OTPs were generated on the victim’s phone. The victim has maintained that he did not knowingly share any OTPs, raising strong suspicion of malware-based interception or remote device access.
Remote Access Suspected, OTPs Used Without Consent
The victim’s son later told police that the fraudsters appear to have gained control of the phone itself, allowing them to generate and use OTPs without the victim’s direct involvement.
Police are examining whether the caller tricked the victim into installing malicious software or exploited a vulnerability that allowed remote screen control and access to banking applications. The stolen money was transferred in multiple rapid transactions through different accounts, a common laundering tactic.
Phone Factory-Reset After Fraud
The most disturbing aspect of the case emerged shortly after the call ended. When the victim checked his phone, he discovered it had been completely factory reset.
All data was erased, including:
- SMS and OTP messages
- Banking alerts
- Mobile apps
- Contacts and photographs
When the victim accessed his bank account soon after, he realised that ₹20 lakh had already been debited. By then, the funds had moved through several accounts, sharply reducing the chances of immediate recovery.
Police officials described the operation as highly coordinated, combining psychological pressure with advanced technical execution.
What Banks Never Ask For
Following the incident, cyber police reiterated key safety advisories, stressing that banks never:
- Ask for OTPs, PINs or passwords over phone calls
- Request installation of apps for KYC or account upgrades
- Ask for screen sharing or remote phone access
- Seek confidential details via WhatsApp or SMS
Any such request should be treated as fraudulent.
Early Reporting Can Limit Losses
Authorities emphasised that speed is critical in cyber fraud cases. Victims should immediately:
- Call the national cybercrime helpline 1930
- File a complaint on cybercrime.gov.in
Prompt reporting can sometimes help banks freeze suspicious transactions before funds are fully laundered.
Senior Citizens Increasingly Targeted
Mumbai Police officials said senior citizens are among the most vulnerable groups, as fraudsters exploit their familiarity with banking procedures, trust in official-sounding communication and reluctance to abruptly disconnect calls.
A formal FIR has been registered, and cyber investigators are tracing the digital money trail and analysing technical evidence to identify the perpetrators.
Officials warned that the case is a stark reminder that cyber fraud has evolved beyond simple OTP scams into full-scale digital takeovers, requiring greater awareness and caution — especially among elderly users.
