TLI Explains: How Seeking A Refund For Online Purchase Can Leave Your Bank Accounts Empty
The Logical Indian Crew India
May 22nd, 2019 / 5:47 PM
Cybercriminals in Bangalore have come up with a new trick to loot people. All you need is contact number of somebody vulnerable, a smart-phone/PC, an internet connection and you’re more than equipped to clean-sweep bank accounts.
Cybercriminals are taking refuge of mirroring apps like AnyDesk to gain access to the victims’ phone screens and thus obtain the OTP (one-time-password) to bank transactions.
Cybercrime police say at least 20 such cases have been reported in the past four months in Bangalore. RBI issued a notice to all the banks back in February cautioning them about cybercrimes being committed using apps like AnyDesk.
Oldrich Muller, COO of the app while referring to these issues said that any fraud is only possible when the user grants access. If the users remain vigilant, these frauds can be curbed.
Thanks to the increased awareness about the confidentiality of OTPs, majority of smart-phone users are now aware that they shouldn’t be sharing their OTPs with anybody for security reasons.
But along with this growing awareness, the cybercriminals have also evolved. They have pulled a trick which provides them access to their victims’ OTPs without having to ask them for the same.
A 35-year-old woman in Bangalore was trying to pay her electricity bill through an e-wallet. The payment failed but the money got debited from her account. This is a regular glitch that can happen and the money is usually refunded by the e-wallet platforms.
The woman and her husband were trying to reach out to the customer care when they received a call from an unknown man who claimed to be from the e-wallet platform and said he would initiate the repayment process and needs bank account details for the same. He also asked the couple to download AnyDesk app and asked them to share the 9-digit code generated by the app.
Having done all that the man had asked them to do, they were waiting for their 544 to get refunded, but they instead got a call from their bank and were informed of suspicious transactions from their bank account. The couple learnt that Rs 15,000 had been debited from their bank account and that was all the money they had.
What is AnyDesk app?
AnyDesk is a productivity app which enables users to access their PCs from their phones and vice versa, from any part of the globe. The app is used by a lot of major companies. It uses banking-standard TLS 1.2 technology to ensure users’ computers are protected from unauthorized access.
How are cybercriminals using a productivity app to loot people?
Step.1: Cybercriminals identify individuals who are seeking refund online.
Step.2: They call those seeking a refund and ask them for their bank account number, CVV and then ask them to download AnyDesk app to get their refund.
Step.3: After successfully talking their victims into downloading the app, they ask them for the 9-digit code that provides them with access to their victims’ phones.
Step.4: They then initiate an online payment since they already have the account number and CVV, now all they need is the OTP. Through AnyDesk app, they access their messages and get the OTP and successfully complete the transaction.
Here’s how AnyDesk app provides cybercriminals access to their victims’ phone screens:
TLI Explains: How Seeking A Repayment Can Leave Your Bank Accounts Empty
Prithvi Raj ಅವರಿಂದ ಈ ದಿನದಂದು ಪೋಸ್ಟ್ ಮಾಡಲಾಗಿದೆ ಬುಧವಾರ, ಮೇ 22, 2019
How to avoid falling prey to this trap?
- If somebody asks you to download an app to get your refund, never believe them. All e-wallets process your refund on the same app.
- Never share your CVV and/or OTPs.
- If you happen to use AnyDesk, the 9-digit code generated by the app is extremely confidential and is not to be shared with anybody that you don’t trust.
Is AnyDesk app to be blamed for this?
Oldrich Muller, COO, AnyDesk cleared the air around the security issues of the app and said “AnyDesk is a secure software for remote connections, using banking-level security and encryption protocols. There is nothing wrong with the AnyDesk app itself. Users in this fraud case provided access codes to their devices to unknown persons.”
He further talked about how he and his team are working to make the app safer for its millions of users, “We want to ensure that our users are educated about the security risks coming from outside. Therefore, we will be initiating security campaigns both for private users and the authorities, to spread greater awareness on how to protect your data and what to look out for.”
Written by : Prithvi Raj (Intern)
Edited by : Shweta Kothari