A SIM can empty your bank account
Archana Mishra, Jan 22, 2013, DHNS: 19:59 IST
Dr Vijay Kher, a resident of Defence Colony, had no idea that someone had been keeping a constant eye on him and his activities. From his mobile calls to bank accounts and transactions, all were under vigil by unknown people.
This information hit him on October 19, 2012, when Vijay after receiving a message from his bank realised that his account has zero balance. A whopping 20 lakhs had been siphoned off through fraudulent online transaction. At the time that this was done, Vijay’s mobile phone had also gotten deactivated.
Investigations yielded fruitful results and Economic Officers Wing (EOW) of Delhi Police arrested two people. According to them, the net banking fraud was the handiwork of a gang and the masterminds were foreign-based computer experts who hack accounts through phishing – an online fraud.
Vijay’s is not an exceptional case, as every year cases of fraudulent internet banking are being reported from across the City. “As transactions through mobile banking have rapidly increased, hackers have searched out an easy way to dupe people.
They intercept one time password by obtaining duplicate SIM cards,” says Rakshit Tandon, advisor cyber security. “This is called ‘Identity theft’. The modus operandi is that hackers generate a duplicate SIM. After the SIM gets activated, hackers have access to the account of the victim on the internet. They can easily use the user-id and password and transfer the money. The bank automatically generates a onetime-password (OTP) which is received through SMS on the duplicate SIM as well,” says Rakshit.
The fact that the process of acquiring a duplicate SIM is so easy, highlights the laxity on part of the mobile operators, a fact pointed out by CGM, RBI and the banking ombudsman, M Sebastian: “Because of the certain vulnerability on the part of mobile operator, the fraudsters were impersonating and obtaining duplicate SIM cards. About 40-50 complaints were received during 2011-12.” He had then urged the banks to take up the issue with the mobile operators but it would appear little has happened in the matter.
Interestingly, what came as a big surprise during Vijay Kher’s case was that the duped money was transferred to the bank accounts opened under the fake name which raises questions on the working of the banks too. “Such activities are possible only when somebody in the bank is involved with the miscreants,” says Pankaj Jaiswal, forensic expert, IFO Forensic Standards and Research Private Limited.
“I have worked on 50 such cases where bank accounts were opened in a fake name and a huge amount of money was transferred. In almost all the cases, it was somebody from the bank who had helped people open accounts in fake names,” says Rajesh.
In this day and age of increasing internet dependence, giving net banking a pass may not be the best idea. So here’s a piece of advice. Says Rakshit, “If your SIM gets deactivated, rush to the bank first. Ask the bank to deactivate your mobile banking and then approach the mobile operator. Today, when everything is accessible through net and phone, it is advised to secure personal Ids and passwords on the computer. One should not reply to online fake payment processors and lottery firms that are used to trap people.”