Be-aware: Sim-Swap/Phishing Money Theft from Bank accounts!

rdst_1 · Jan 4, 2019

adventureguy said:
I'd wish this were'nt available for normal officers who do money work infront of other customers. my hdfc has a separate officer how takes these requests in separate cubicle. normal officers who do the manual money collecting work don't have access to this customer info

I don't think there can be any post, especially for someone who is posted in a branch handling customers, that these details could be kept from. Especially these days, when banks already have a lot fewer people in a branch than what that branch needs. Banking is a very stressful job these days, especially because bankers are overworked these days and don many hats in the office.

paarkhi · Jan 4, 2019

Lord Nemesis said:
All staff sitting in bank tellers in HDFC have access to the details. My main savings account is with HDFC. When I went for some work, the lady in the teller tried to pitch me Recurring Deposit, Fixed Deposits and ULIP policies saying I have over 5 lac in savings account. I told her that I already do FD's online, but she begged to take a FD at the branch as they probably get some commissions for that.

Same thing happened to me in HDFC, he practically begged me to open RD (recurring deposits) through him, I think they have some quota to be fulfilled or maybe it was for commission.

nRiTeCh · Jan 4, 2019

paarkhi said:
Same thing happened to me in HDFC, he practically begged me to open RD (recurring deposits) through him, I think they have some quota to be fulfilled or maybe it was for commission.

Its is for rewards and commission as anything via them is considered as a sale.

That's the reason my sister doesn't want to walk into her icici branch as one such cc guy always keeps asking her to open some investment into sip or something. She was unable to ignore him previously and now he keeps bumping on every visit. In fact saw few other guys literally asking to users around that sir/mam what happened about the plan you were considering last time we discussed etc.. The user doesnt recall anything as such but these guys being a daily job keep a track of everything.

paarkhi · Jan 4, 2019

nRiTeCh said:
Its is for rewards and commission as anything via them is considered as a sale.

That's the reason my sister doesn't want to walk into her icici branch as one such cc guy always keeps asking her to open some investment into sip or something. She was unable to ignore him previously and now he keeps bumping on every visit. In fact saw few other guys literally asking to users around that sir/mam what happened about the plan you were considering last time we discussed etc.. The user doesnt recall anything as such but these guys being a daily job keep a track of everything.

I too don't like to visit the HDFC branch for the same reason.

cute.bandar · Jan 5, 2019

dpandey said:
What does "request to duplicate" mean?

Many reasons like 4g -> 3g. sim size change etc.. Previous SIM gets disconnected

rdst_1 said:
Thus this guy's email would also have to be hacked in order to change

If sim is hacked, gmail is automatically hacked. Gmail forgot password primarily uses calling to phone number. And People keep a ridiculous amount of info on their gmail accounts...

For obtaining UPI pin ? There can be several ways I imagine. Maybe by removing bank account . Using some sort of forgot PIN functionality. etc.

aasimenator · Jan 5, 2019

Well I am currently paranoid and i am not sure what should be done.
I am in the process of purchasing a property so I have more than usual cash in my HDFC savings A/c this is my only primary account that i use for everything and obviously for online transactions as well (most of the time though i use my HDFC credit card)
Yesterday while speaking with a friend he told me that someone at his office was doing rounds selling SBI credit card and he opted for it. I was also interested so I asked him to get him to call me which he did. I gave him my name, DOB, PAN, mobile number over the phone, he asked me what credit card i use and its limit. he was entering all this in his portal he said, he then said I'd receive and OTP, which I did, I looked really long and hard at the OTP before giving it to him. It was from 'SBICRD' and it said "XXXXXX is your Sbi card App code. Please enter this code in the online form to authorize......" so it seems legit. he told me i have an approval of 5 lacs, i said great send me the card. He asked me to whatsapp documents (photo & aadhaar) so before i sent him the aadhaar i wrote on it "use only for SBI credit card application" in the middle and bottom."

I immediately got a reply from him stating "please send normal pic this wont be accepted and not to worry it wont be misused" and his reason was "it creates problem when printing" i said ok and sent him the normal aadhaar pic, but I've been feeling paranoid since then, not sure what we can do to protect misuse of our documents?

Edit: oh and i did recieve an email from sbi Thank You for your interest in _____Card. Your Application 220040______ is in process.

technofast · Jan 5, 2019

aasimenator said:
Well I am currently paranoid and i am not sure what should be done.
I am in the process of purchasing a property so I have more than usual cash in my HDFC savings A/c this is my only primary account that i use for everything and obviously for online transactions as well (most of the time though i use my HDFC credit card)
Yesterday while speaking with a friend he told me that someone at his office was doing rounds selling SBI credit card and he opted for it. I was also interested so I asked him to get him to call me which he did. I gave him my name, DOB, PAN, mobile number over the phone, he asked me what credit card i use and its limit. he was entering all this in his portal he said, he then said I'd receive and OTP, which I did, I looked really long and hard at the OTP before giving it to him. It was from 'SBICRD' and it said "XXXXXX is your Sbi card App code. Please enter this code in the online form to authorize......" so it seems legit. he told me i have an approval of 5 lacs, i said great send me the card. He asked me to whatsapp documents (photo & aadhaar) so before i sent him the aadhaar i wrote on it "use only for SBI credit card application" in the middle and bottom."

I immediately got a reply from him stating "please send normal pic this wont be accepted and not to worry it wont be misused" and his reason was "it creates problem when printing" i said ok and sent him the normal aadhaar pic, but I've been feeling paranoid since then, not sure what we can do to protect misuse of our documents?

Edit: oh and i did recieve an email from sbi Thank You for your interest in _____Card. Your Application 220040______ is in process.

That is the problem now as we come across multiple fraud cases and get paranoid even if it is a genuine case. Once I had cancelled my SCB credit card when the seller took it inside his office to swipe it since the wifi did not work. I was paranoid that he might have noted the cvv number and could have misused the card though it might have not happened but it was always there back of my mind, so cancelled the existing card and got another one.

NotMyRealName · Jan 5, 2019

Here's a tip: blot out the cvv with a marker or cover it with a piece of tape. helps with cards without 2fa. memorise the cvv or save it elsewhere.

sandeepsachin · Jan 5, 2019

Julian said:
Here's a tip: blot out the cvv with a marker or cover it with a piece of tape. helps with cards without 2fa. memorise the cvv or save it elsewhere.

The problem is, the CVV no is stamped (depressed) into the card. So it's imprint can be seen on the front. It's almost discernible. Have defaced it anyway on the reverse

vivek.krishnan · Jan 5, 2019

sandeepsachin said:
The problem is, the CVV no is stamped (depressed) into the card. So it's imprint can be seen on the front. It's almost discernible. Have defaced it anyway on the reverse

+1. Have done this on my now expired card.

NotMyRealName · Jan 6, 2019

sandeepsachin said:
The problem is, the CVV no is stamped (depressed) into the card. So it's imprint can be seen on the front. It's almost discernible. Have defaced it anyway on the reverse

On the front you can lightly tap/hammer it till it's flush, then marker over it, both sides. Actually, tape over the rear. Easy-peasy. You have to use finesse and the right (basic) tools though.

adventureguy · Jan 6, 2019

sandeepsachin said:
The problem is, the CVV no is stamped (depressed) into the card. So it's imprint can be seen on the front. It's almost discernible. Have defaced it anyway on the reverse

new debit cards come with cvv printed on sticker. avoids this problem

technofast · Jan 7, 2019

Skimming is another problem which is done easily. I wonder how a bunch of juice shop guys could lay hands on skimming machines and easily swindle money from bank accounts. Actually it is a good juice shop which was open from 3 am in the morning. Seems like they are busted now

https://www.thehindu.com/news/citie...l-infocity-park-perungudi/article25922544.ece

nRiTeCh · Jan 7, 2019

aasimenator said:
Well I am currently paranoid and i am not sure what should be done.
I am in the process of purchasing a property so I have more than usual cash in my HDFC savings A/c this is my only primary account that i use for everything and obviously for online transactions as well (most of the time though i use my HDFC credit card)
Yesterday while speaking with a friend he told me that someone at his office was doing rounds selling SBI credit card and he opted for it. I was also interested so I asked him to get him to call me which he did. I gave him my name, DOB, PAN, mobile number over the phone, he asked me what credit card i use and its limit. he was entering all this in his portal he said, he then said I'd receive and OTP, which I did, I looked really long and hard at the OTP before giving it to him. It was from 'SBICRD' and it said "XXXXXX is your Sbi card App code. Please enter this code in the online form to authorize......" so it seems legit. he told me i have an approval of 5 lacs, i said great send me the card. He asked me to whatsapp documents (photo & aadhaar) so before i sent him the aadhaar i wrote on it "use only for SBI credit card application" in the middle and bottom."

I immediately got a reply from him stating "please send normal pic this wont be accepted and not to worry it wont be misused" and his reason was "it creates problem when printing" i said ok and sent him the normal aadhaar pic, but I've been feeling paranoid since then, not sure what we can do to protect misuse of our documents?

Edit: oh and i did recieve an email from sbi Thank You for your interest in _____Card. Your Application 220040______ is in process.

This is fine but keep the chat record recorded. Will come handy if anything goes wrong like misuse of your info elsewhere.

Rockfella · Jan 14, 2019

paarkhi said:
I too don't like to visit the HDFC branch for the same reason.

One should not visit any bank unless it's unavoidable. It's so boring.

nRiTeCh · Jan 16, 2019

Visiting banks for most stuff is now history. Even dd, loan, or any facilities can be availed just by sitting at home. Agents visit you or everything is couriered.
Even now for opening accounts agents are sent home.

blr_p · Jan 16, 2019

Rockfella said:
One should not visit any bank unless it's unavoidable. It's so boring.

What about when getting cards and such. I'd prefer face to face in such a deal

I'm the exact opposite, i won't work with a bank unless i can walk in whenever meaning they need to be conveniently located[DOUBLEPOST=1547587008][/DOUBLEPOST]

cute.bandar said:
For obtaining UPI pin ? There can be several ways I imagine. Maybe by removing bank account . Using some sort of forgot PIN functionality. etc.

Is not using UPI an option ?

blr_p · Jan 16, 2019

This looks interesting

http://www.newindianexpress.com/cit...ine-search-results-may-be-a-trap-1925240.html

In a new modus operandi, cybercriminals are misusing a feature on search engines to cheat people, the police has discovered recently. The culprits target information seekers by exploiting the suggestion given on Google and other such websites, to edit the contact details of a business listed at a location.

The miscreants target numbers of help desks of various companies found after a search on various search engines. They edit the numbers and mislead the caller, cheating unsuspecting victims.

Complaint was filed by Umesh, who was trying to pay his electricity bill using Paytm. When it failed, he called a customer care number of the firm found during a Google search. However, when he called that number he was asked to divulge his debit card and OTP details. As soon as it was shared, the culprits siphoned off Rs 49,999.

Why are these people giving out OTP details ?

Criminals on the prowl

Debit/credit card fraud
Job frauds
Card skimming
Matrimony fraud
Business opportunity fraud
Other advance scams via online sites
Lottery fraud
SIM cloning
Social media cases
E-mail spoofing

10 ways how to get screwed

paarkhi · Jan 16, 2019

blr_p said:
Why are these people giving out OTP details ?

Ignorant, not trained how to stay safe online, I think every school and college needs to teach a basic things about staying safe online.

swatkats · Jan 21, 2019

Another one from Hyderabad; Guy lost Rs 9 Lakhs

An elaborate phishing scam came to light in Hyderabad on Saturday, showcasing how easy it is to forge someone’s identity and swap SIM cards in order to steal their money. Seven people, including two Nigerians, were part of the scam. Six have been arrested so far by the Cyber Crime Police, Cyberabad, and the kingpin is absconding.

The phishing scam came to light after one Pantham Venkata Krishna, first lost network connection to his mobile number, and two days later, found Rs 5 lakh and Rs 4 lakh being transferred from two bank accounts of companies he was associated with to bank accounts in Kolkata -- transactions he had not made. The victim then approached a mobile telecom store, and learned that a new SIM card had been taken on his name. After this he filed a complaint, an elaborate ploy unravelled.

Ebigbo Innocent alias James, the mastermind, sent phishing emails in order to collect banking credentials and registered mobile numbers. In case of a scam such as this, Trojan or other malware is sent to the unknowing victims, which helps scammers collect bank account details and your registered mobile number. Trojan is disguised as legitimate software, which is why victims fall prey to the same.

Ebigbo collected banking details and the registered mobile number this way, which he then passed on to Odafe Henry, the second accused (who is also a Nigerian national), fifth accused Rajat Kundu and one other person.

Rajat would then collect details of the phone number through his sources at mobile telecom stores and prepare fake documents. This was then used to procure a SIM card through the service provider of the victim. Usually, SIM swaps are requested by the customers themselves (for example -- if customers wish to upgrade the SIM, or if they have lost their phone and wish to block the old SIM and get a new one). But in this case, it is facilitated by the scammer and the fake documents are provided. The scammer then receives the new functional SIM, and renders the SIM held by the victim useless.

Be-aware: Sim-Swap/Phishing Money Theft from Bank accounts!

rdst_1

paarkhi

nRiTeCh

paarkhi

cute.bandar

aasimenator

MCITP 2008

technofast

Huh?

NotMyRealName

sandeepsachin

vivek.krishnan

BLR~ZRS-TX-1-MX

NotMyRealName

adventureguy

technofast

Huh?

nRiTeCh

Rockfella

Total bliss!

nRiTeCh

blr_p

blr_p

paarkhi

swatkats