No OTPs Asked, Just Missed Calls! Delhi Man Loses Rs. 50 Lakh in Cyber-Fraud

Thanks,ab kisiko call bhi nahi karunga from my Banking Number

that's why I use 2 SIMs (Calling SIMs should not be linked to any Finance Related things)

WTF

OMG....
Desh Badd rah hai...
I receive calls from more than 5 unknown numbers on daily basis o.O
What if they loot my 100 crs (But this is an issue of conern  )

Technically very smart guys... Without otp such big amount can be transferred??

No call from Bank for huge transactions...

Banking SIM no never share with anyone...

I really don't understand, how is it possible to get the OTP by calling a person?

Whenever fraud happen people dont say complete story thinking Bank wale ko pata hi kya chalega which leads to investigation in another way. 

It was not missed calls, it was blank calls

Preliminary investigations suggested that the masterminds of this fraud might be based in the Jamtara area of Jharkhand. Reports suggest that the recipients could be just the account holders who may have given their accounts on rent to the crooks.

The BIG TRAP: What Had Happened?

The incident took place on October 10.

Director of a security services firm received missed calls between 7 PM-8:44 PM.

He responded to some calls and ignored others.

He checked his phone to check messages of RTGS transactions worthy of nearly Rs 50 lakh.

Target find multiple text messages from the bank informing about transactions.

A number of RTGS transactions worth over Rs 50 lakh carried out by crooks from current account of man's company, reported Times of India.

Probe Underway: What Cops Suspect?

Police suspect a 'SIM swap' may have been carried out by the crooks.

They may have initiated RTGS transfer and enabled OTP over the phone.

They may have overheard the OTP being mentioned via IVR through a parallel call.

What is SIM Swap/SIM Cloning?

Fraudsters gain access to the customer's Subscriber Identity Module (SIM) card or may obtain a duplicate SIM card (including electronic-SIM) for the registered mobile number connected to the customer's bank account.

Fraudsters use the OTP received on such duplicate SIM to carry out unauthorised transactions.

Fraudsters generally collect the personal / identity details from the customer by posing as a telephone / mobile network staff and request the customer details in the name of offers such as - to provide free upgrade of SIM card from 3G to 4G or to provide additional benefits on the SIM card.

Precautions

Never share identity credentials pertaining to your SIM card.

Be watchful regarding mobile network access in your phone.

If there is no mobile network in your phone for a considerable amount of time in a regular environment, immediately contact the mobile operator to ensure that no duplicate SIM is being / has been issued for your mobile number.

Yeh to double dhamaka ho gaya! Pehle paisa loot gaya ( if really at all, not fabricated event ), doosra - security services company ki director ke! Ab resign karne pe bhi business band ho jayega! Kaun trust karega aise security services ko, jo khud hi loot jaaye?

Mujhe banaya hua event lag raha hai, may have ulterior motives...

ALL SIM PROVIDERS BLOCK INCOMING OTP FOR 24 HOURS WHEN THEY ISSUE DUPLICATE SIM , THEN HOW IS IT EVEN POSSIBLE ?

Look @ this case

https://dainik-b.in/SlV2w...vb

May be blank calls were made to keep his phone busy/engaged so that he doesn't receive any bank verification call from his bank regarding the high value transactions or to check whether the sim swap is effected or not, before doing the transactions.

If sim card was swapped then he wouldn't have received the SMS for RTGS transactions immediately on his device.

The only possibility is of a screen sharing/any desk malware installed on his device earlier by clicking on a link sent by crooks and following their instructions.

The transactions could have been made from his own device being controlled by crooks.

May be he carried two phones and crooks called on 2nd number in parallel when doing RTGS with OTP request by call. Then they overheard the OTP announced on the other phone. 

Incident happened on 10th October and reported in media on 12 December 😬

I also got missed calls yesterday and some I have lifted and other side no sound... Silence..... Nothing happened... Bank sim.. Seems this is another thing happened....

The fraud in question could happen only because it was a current account. You should not worry about this particular fraud. Just be careful about sharing OTP with anyone. Even the most innocuous ones may land you in trouble. 

This happened to me just the other day. Uber I had ordered for my old mom (in a different city than mine) arrived at the pick up location as shown inside Uber app and the driver called me after 7-8 minutes and told me he has already picked up my mom and to give him the OTP, I shared the OTP in message inside Uber app and the trip started. My mom called a little later saying her Uber still has not arrived. Then the Uber kept on going somewhere completely unrelated to my mom's drop off. I called multiple times and the driver didn't answer. Finally the trip ended more than 20 kms away from her desired destination and then I got a huge bill including a INR 40 waiting charge. The payment mode was set online using Axis card as I get 4% cashback for Uber trips. I registered a complaint immediately after the trip was ended (no option while ongoing) and did not pay the bill yet (which requires OTP confirmation by the Axis credit card every time, in spite of being added in the app). I'd not be able to book the next ride until I clear the dues. I cannot say what exactly happened and if some other old lady mistakenly took that Uber or it was a fraud.

I think people running security/manpower contracts have to make frequent large multiple payments and have no option but to have a current account. They may also be sharing their banking credentials with some trusted employees for offloading their responsibility, which is misused.

Most cases happen after sim swap or sim deactivation by service provider on telephonic request.

Lol I have to sometimes spend 2 days to transfer much less than this amount on my own account.

Add beneficiary, wait for 24 hours to transfer big amount. Increase netbanking/mobile banking limits. Then again wait for limit increase approval. And then transfer. All this require password and multiple OTP and security questions.

How are they doing it so easily?

1. Most reporting in the press is pathetic. And to compound this folks who have lost money are rarely coherent and cannot remember all the actions they did prior to losing money. They fail to recall that they may have clicked/installed something earlier in the day.

Bottom line - we do not know what really happened.

2. Phone security has to be taken seriously. The guy thinks he just got a call. Does he know if he installed some dis-reputed app earlier in the day which in turn pulled in some other rogue content. Despite umpteen cautionary messages, even tech aware folks routinely click on links in email trusting the email sender name they see is the REAL sender. Just the other day one of my close friends clicked on a link from an acquaintance and was staring at a blank screen. Later he ran a malware scanner to detect some trojans had been planted.

3. Finally READING SMS has to be declined by the OS. No 3rd party App has any need to read SMS. Sadly from the early days Android phones allowed every app developer free access to read SMS. These days it is done after seeking permissions. But no user notices these. If a rogue 3rd party App can read my SMS and also delete it, all 2-factor auth is compromised. iOS has denied apps the privilege to read SMS.