Be alert and careful when using your bank’s website or banking app. Carelessness can lead to banking fraud, with your data stolen over the web.
In this growing digital world, your device (mobile, laptop, tablet, desktop, etc.) lets you log in to and access various transaction platforms. Hence, the security of your device is very important for staying protected from malicious software, phishing attacks, etc. We come across cases where users fall prey to device takeover frauds and end up losing their hard-earned money. Here, we’ll share with you the early warning signals of such frauds and how you can protect yourself.
What is Device Takeover?
It is a type of fraud where fraudsters get access to your device by various methods, such as remote applications or lost or stolen devices, and siphon off the victim’s hard-earned money in just a couple of minutes.
Fraudsters target the general public by sending scary SMS messages saying that their Paytm account will be blocked or that their KYC will expire, and asking them to call a particular number provided in the SMS to resolve the situation. They pretend to be bank executives and offer assistance in completing KYC. They then ask you to install a remote support application such as AnyDesk, TeamViewer, QuickSupport, etc.
Once the app is installed, a numerical code (for example, 567 843 554) is typically generated which, when shared, allows fraudsters to access and view your device screen remotely. At this stage, the fraudster is able to see whatever details you enter on your device.
At times, the fraudster can even control your device and perform actions on it. As a result, these fraudsters can access your entire mobile banking app and transact through your account, which includes UPI and wallets.
To curb this activity, Paytm has built a security feature that blocks the screen from being replicated on remote devices by blacking it out. Because of this security feature, the fraudsters might ask you to open the bank’s website in the browser on your phone instead of the bank app, so that they can see your password in clear text while you enter it. Once the fraudster gets your password, they can access the account from their own devices.
As the fraudster has access to your device and screen via the remote support application, they need not explicitly ask you for the login OTP, as they are able to read it from the device screen itself. This enables the fraudsters to initiate fraudulent transactions.
The other way is that they try to access lost or stolen devices and defraud victims by gaining access to banking applications.
Points to remember
- Understand the risks of downloading the screen sharing apps mentioned above. The security of your device is in your own hands; never allow outsiders to gain access to your device.
- The bank never asks you to download these unsecured or unverified apps.
- Ignore KYC-related calls/SMS sent by fraudsters and never call the mobile number mentioned in the SMS. The bank’s helpline is specifically listed on your bank’s website.
- Full KYC is possible by having a face-to-face meeting with our agent at an authorized KYC point. For details of KYC points, visit your bank’s website.
- Always protect your devices using 2-level security features. Enable Paytm Security Shield from the settings options in the bank’s app.
- Immediately report a lost or stolen device to the authorities and your telecom operator. Block your SIM to avoid misuse.
- Avoid using another person’s device to log in to your bank accounts. Always log out from your bank/wallet account if you do need to use another person’s device to access your account.
- Never enter your credit/debit card details, Paytm password, OTP or your card CVV number on any website or URL link sent by SMS on dubious pretexts.
- A bank employee will never ask you for your PIN, OTP, password, password reset link, debit/credit card CVV or PIN, or bank details.
- The bank sends SMS transaction alerts; report it immediately if you notice any wrong transaction.