New Modus-Operandi: This Is How Cybercriminals Are Getting Net Banking OTP and Stealing Money

New Delhi: Cyber criminals are getting smarter day by day. They are stealing customers’ data using various techniques like vishing, phishing, hacking etc. and siphon-off money from their bank account.

Experts claim that scammers have adopted a new technique to dupe people. According to the new modus-operandi, criminals who obtain internet banking login ID and password through a phishing attack just requires an OTP for a successful fraudulent transaction. OTP sent by the bank for a transaction is an additional security measure.

Explaining the new modus operandi, Satyendra Sharma, a financial cyber expert who is Senior Manager- IT in PNB bank told The420.in a criminal may get the internet banking login ID and password of bank customers using phishing attack by sending a fake link to citizens through SMS/WhatsApp/email/Chat. Despite having these crucial details, he still requires OTP to transfer the money except in the customer’s self account. Now, cybercriminals are adopting a new technique to obtain OTP from the customer.

Step 1: Some bank allows the transfer of money in the self account without OTP. So the criminal who already has access to internet banking login ID and password first opens a fixed deposit or recurring deposit online using internet banking. Here no OTP is required for opening such an account and transferring money in a self account. The victim customer receives a message from the bank for transferring money in a self account.

Step 2: Now these criminals posing as bank officials call their target and state that their account has been misused and the money has been debited through internet banking. When the customer checks his SMS, he could see a debited transaction alert which displays a reduced balance.

Step 3: Conmen panics the customers and demands OTP to block internet banking and reverse the transaction amount.

Once the customers share their OTP not realising that they are now falling into the trap of cybercriminals. As soon OTP is shared cybercriminals debit the money from the victim customer’s bank account. Actually, this OTP is used for transferring money using IMPS technology.

IMPS is known as an immediate payment service and works 24×7. For making payment through IMPS, account number and IFSC is not mandatory. A bank customer can transfer money through IMPS using seven digits MMID and registered mobile number of beneficiaries without adding the beneficiaries.

Triveni Singh, superintendent of the police, Cyber Crime, Uttar Pradesh said such an issue is coming to the light and it is also an eye-opener for the bank about how criminals are misusing this. Cybercriminals are using social engineering methods to extract OTPs from customers. Banks must ensure strict alternate check methods to stop fraudulent transactions.

Follow The420.in on Facebook, Twitter, LinkedIn, Instagram, YouTube & Telegram