My Experience with SBI YONO ATM Fraud: How I Recovered My Money

Great work. 

Where there is a will...there is a way...everything is possible if we fight for it

Thanks for sharing 

Good job.

What I would be interested in knowing is what the bank found out about how the two withdrawals happened and their conclusion.

Wait I don't understand your contradicting statement: 

"SBI YONO or SBI YONO Lite did not have SMS verification in 2020, and how the fraudster obtained the OTP."

Isn't OTP a way of SMS verification?

Personally I haven't been a victim of fraud yet but some impostor did attempt to break into one of my bank accounts by impersonating official bank customer care on Twitter and trying to get me into sending an SMS from my device to authorize his device so he could transfer the balance to his account. Daily I report at least a couple of such fraud accounts now on Twitter. But I feel it's a losing battle because of how Twitter easily allows such impostors to exist.

Same happened with my friend, 5-6 years before, we were in office and suddenly he got 6 sms of rs 10,000 withdrawal from ATM APPX 20 KM far from us, he checked whether ATM card with him, then check bank account, in between another 3 SMSs for 10,000 withdrawal, Total 90,000 was withdrawn. He complain to customer and during his talk to customer care 1 more message of 5000 debit, he blocked his card and and registered a complaint.

To our surprise whole 95000 was credited on 3rd day and customer care told us it was due to technical error at ATM

It was Axis Bank

some1anywhere wrote:

Wait I don't understand your contradicting statement: 

"SBI YONO or SBI YONO Lite did not have SMS verification in 2020, and how the fraudster obtained the OTP."

Isn't OTP a way of SMS verification?

Personally I haven't been a victim of fraud yet but some impostor did attempt to break into one of my bank accounts by impersonating official bank customer care on Twitter and trying to get me into sending an SMS from my device to authorize his device so he could transfer the balance to his account. Daily I report at least a couple of such fraud accounts now on Twitter. But I feel it's a losing battle because of how Twitter easily allows such impostors to exist.

Nope at that Time only entering USER ID and PASSWORD was enough

SBI Yono (AKA SBI Net Banking Tech Team Later implemented SMS Verification feature later on in an update)

1cooldesidd wrote:

Good job.

What I would be interested in knowing is what the bank found out about how the two withdrawals happened and their conclusion.

Never know that thing how did they know?

In an Initial Investigation, SBI Mumbai Cyber Division Team investigated and there was a Guy Named Akshay....he even tried to add the Beneficiary but failed because of Additional Security Layer such as Profile Password (MPIN) he didn't know.

That's why, But when RBI Intervened that matter was pretty serious and also I have attached many reports such as SBI Net Banking hasn't had enough security measures and how the people are bypassing this nobody noticed!

https://trak.in/tags/business/2021/11/13/sbi-cu...

https://www.quora.com/Recently-a-lady-lost-Rs-6...

Good work .

Didn't u get any interest on that 40k?

Or 3 months is the normal period and after that interest is applicable?

Could you also elaborate/talk more about  why insurance protection for fraud by debit card for Visa/Mastercard was denied @shraaj

Why to keep huge liquid cash and not make online fixed deposit for certain period of time and get renewed automatically? 

shashi118 wrote:

Why to keep huge liquid cash and not make online fixed deposit for certain period of time and get renewed automatically? 

the FD's ,no doubt, can easily be made online.
but they can be closed and credited back to a/c with the same ease

Hotsoup wrote:

Same happened with my friend, 5-6 years before, we were in office and suddenly he got 6 sms of rs 10,000 withdrawal from ATM APPX 20 KM far from us, he checked whether ATM card with him, then check bank account, in between another 3 SMSs for 10,000 withdrawal, Total 90,000 was withdrawn. He complain to customer and during his talk to customer care 1 more message of 5000 debit, he blocked his card and and registered a complaint.

To our surprise whole 95000 was credited on 3rd day and customer care told us it was due to technical error at ATM

It was Axis Bank

Mistake from the bank. Usually it will take more than 10 branch visits and 20 complaints and 30 calls to bank to get back money.

So many people accounts got debited by small amount like Rs 2000 etc.This was done using biometrics obtained from various platforms like Land Registration, AEPS etc......There are no strict laws in India and these type of transactions will increase drastically

It Happened with my senior, about 5 years ago he lost 50k without sharing any details. Learning from him I kept most of my money in paper assets.He later on kept an account in SBI without any net banking, debit card or even UPI facility. That's hard for me to follow so I think paper assets like stocks and bonds are better secured than bank accounts these days.

007akshayjain73 wrote:

Could you also elaborate/talk more about  why insurance protection for fraud by debit card for Visa/Mastercard was denied @shraaj

Because it was a CardLess Transaction.

Which doesn't require a Physical Debit Card.

kartikxxx wrote:

Good work .

Didn't u get any interest on that 40k?

Or 3 months is the normal period and after that interest is applicable?

I guess so! 3 months is normal because as far as I remember I received it within 2.5 months

shraaj wrote:
Nope at that Time only entering USER ID and PASSWORD was enough

SBI Yono (AKA SBI Net Banking Tech Team Later implemented SMS Verification feature later on in an update)

Even ICICI net banking does not have 2 factor authentication. It simply allows to enter after username and password.. That always feels me risky..

hemant301 wrote:

Even ICICI net banking does not have 2 factor authentication. It simply allows to enter after username and password.. That always feels me risky..

Set a Complex Password

XfM5?oNs!N$iihTSc$$t$E5&F&qz94

hemant301 wrote:

Even ICICI net banking does not have 2 factor authentication. It simply allows to enter after username and password.. That always feels me risky..

I don't agree.. it asks for password or pin with OTP 

vibhujain wrote:

I don't agree.. it asks for password or pin with OTP 

Which ICICI account you are using🤣,for Performing Transactions Only it asks for OTP/GRID Details otherwise just to login it won't ask

Why did fraud protection on the card did not apply to your situation?

It sometimes feels like the banks/financial institutions want to force people to buy card protection plan, by sponsoring small time frauds to scare people.

tomriddle wrote:

Why did fraud protection on the card did not apply to your situation?

Please Visit

https://www.desidime.com/deals/my-experience-wi...

@toxifier

shraaj wrote:
Which ICICI account you are using🤣,for Performing Transactions Only it asks for OTP/GRID Details otherwise just to login it won't ask

I believe nearly all bank's netbanking asks for otp/2fa in addition to user/pass whenever it detects a new browser/app login, or in few cases even for a different geo location or ip address. Try logging in from a new browser and check.
A better way to even test hack yourself is to simply use a new browser, along a fake/mock location which is far away in a different state, and use a vpn or a new ip. This way you would know how easy/difficult would it be for a hacker to get your access, assuming your user/pass is leaked. Even go to the extent of trying forgot your user/pass and see what all is needed to reset it, in case a hacker tries this approach.

BlueFlash wrote:
I believe nearly all bank's netbanking asks for otp/2fa in addition to user/pass whenever it detects a new browser/app login, or in few cases even for a different geo location or ip address. Try logging in from a new browser and check.
A better way to even test hack yourself is to simply use a new browser, along a fake/mock location which is far away in a different state, and use a vpn or a new ip. This way you would know how easy/difficult would it be for a hacker to get your access, assuming your user/pass is leaked. Even go to the extent of trying forgot your user/pass and see what all is needed to reset it, in case a hacker tries this approach.

Whatever you have mentioned tried everything like Changing Locations, Browsers , New IP, etc but ICICI Net Banking doesn't ask for Additional OTP While Logging in.

Other users can confirm the same!

hemant301 wrote:

Even ICICI net banking does not have 2 factor authentication. It simply allows to enter after username and password.. That always feels me risky..

Many banks' netbanking don't have 2fa & the reason probably being that those banks then ask for other passwords/otp while doing any txn after login to internet banking(e.g. some psu banks with no 2fa for internet banking ask for profile password along with otp for doing any fund transfer/beneficiary add). I am guessing ICICI does something similar.
@vibhujain @BlueFlash @shraaj

horrifying...

who was your mobile operator ? was it airtel?

1. sim card cloning is when someone obtain your duplicate sim based on forge doc.

2. when using on android many apps have acess to SMS, if they also have your card detail then u r done

India is the best and greatest country in the world and its system is fully secure still such thing happen and people need to go to RBI /courts for justice