TLI Explains: How Seeking A Refund For Online Purchase Can Leave Your Bank Accounts Empty

The Logical Indian Crew India

May 22nd, 2019 / 5:47 PM

Cybercriminals in Bangalore have come up with a new trick to loot people. All a fraudster needs is the contact number of somebody vulnerable, a smartphone or PC and an internet connection, and they are more than equipped to clean out bank accounts.

Cybercriminals are exploiting screen-mirroring apps like AnyDesk to gain access to the victims’ phone screens and thus obtain the OTP (one-time password) for bank transactions.

Cybercrime police say at least 20 such cases have been reported in the past four months in Bangalore. The RBI issued a notice to all banks back in February cautioning them about cybercrimes being committed using apps like AnyDesk.

Oldrich Muller, COO of AnyDesk, referring to these issues, said that any fraud is possible only when the user grants access. If users remain vigilant, these frauds can be curbed.

Thanks to increased awareness about the confidentiality of OTPs, the majority of smartphone users now know that they shouldn’t share their OTPs with anybody, for security reasons.

But along with this growing awareness, the cybercriminals have also evolved. They have devised a trick that gives them access to their victims’ OTPs without having to ask for them.

A 35-year-old woman in Bangalore was trying to pay her electricity bill through an e-wallet. The payment failed but the money got debited from her account. This is a regular glitch that can happen and the money is usually refunded by the e-wallet platforms.

The woman and her husband were trying to reach customer care when they received a call from an unknown man who claimed to be from the e-wallet platform. He said he would initiate the repayment process and needed their bank account details to do so. He also asked the couple to download the AnyDesk app and share the 9-digit code generated by the app.

Having done everything the man had asked, they were waiting for their Rs 544 to be refunded. Instead, they got a call from their bank informing them of suspicious transactions from their account. The couple learnt that Rs 15,000 had been debited from their bank account, and that was all the money they had.


What is AnyDesk app?

AnyDesk is a productivity app which enables users to access their PCs from their phones and vice versa, from any part of the globe. The app is used by a lot of major companies. It uses banking-standard TLS 1.2 technology to ensure users’ computers are protected from unauthorized access.

How are cybercriminals using a productivity app to loot people?

Step 1: Cybercriminals identify individuals who are seeking a refund online.

Step 2: They call those seeking a refund and ask them for their bank account number and CVV, and then ask them to download the AnyDesk app to get their refund.

Step 3: After successfully talking their victims into downloading the app, they ask them for the 9-digit code that provides them with access to their victims’ phones.

Step 4: They then initiate an online payment. Since they already have the account number and CVV, all they now need is the OTP. Through the AnyDesk app, they access the victim’s messages, get the OTP and successfully complete the transaction.

Here’s how AnyDesk app provides cybercriminals access to their victims’ phone screens:

[Embedded post: “TLI Explains: How Seeking A Repayment Can Leave Your Bank Accounts Empty”, posted by Prithvi Raj on Wednesday, May 22, 2019]


How to avoid falling prey to this trap?

  1. If somebody asks you to download an app to get your refund, never believe them. All e-wallets process your refund on the same app.
  2. Never share your CVV and/or OTPs.
  3. If you happen to use AnyDesk, the 9-digit code generated by the app is extremely confidential and is not to be shared with anybody that you don’t trust.

Is AnyDesk app to be blamed for this?

Oldrich Muller, COO, AnyDesk, cleared the air around the security issues of the app and said, “AnyDesk is a secure software for remote connections, using banking-level security and encryption protocols. There is nothing wrong with the AnyDesk app itself. Users in this fraud case provided access codes to their devices to unknown persons.”

He further talked about how he and his team are working to make the app safer for its millions of users: “We want to ensure that our users are educated about the security risks coming from outside. Therefore, we will be initiating security campaigns both for private users and the authorities, to spread greater awareness on how to protect your data and what to look out for.”




Contributors

Written by : Prithvi Raj (Intern)

Edited by : Shweta Kothari
