Amid news of cyber criminals looting ₹1 crore from 81 Mumbaikars in 16 days through bank KYC, PAN scam, a new kind of online bank fraud has emerged where a fraudster would knowingly send money in your account using Mobile payment application gateway. After sending money in your bank account through mobile payment application, the fraudster would ask you to repay the money posing as it has been send by mistake. In a good gesture, you would repay that ₹10 or ₹50 amount immediately to the callers mobile payment application number and become a victim of malware attack.
On such online frauds are executed targeting mobile payment application user, Pavan Duggal, a Delhi-based Cyberlaw expert said, “In this mix of malware plus human engineering scam, someone knowingly sends money to your account via mobile payment application gateway and calls you posing that the money was sent in your account by mistake and requests that you send the money back to their number. If you send the money back, you could become a victim of cybercrime."
On how this phishing is executed, Pavan Duggal said, "When a mobile payment application user repays the money received, their sensitive personal data comes under potential attack by the online fraudster for potential misuse, aimed at causing financial loss to the user."
Precaution for Mobile payment application users
Pavan Duggal, who is President at Cyberlaws.net went on to add, "As I told earlier, this is a mix of malware phishing plus human engineering and hence existing anti-malware software may not be sufficient to safeguard Mobile payment application users from this online fraud. So, the best solution for Mobile payment application users is to just reply to such calls citing they are asking their bank to look into the matter."
Pavan Duggar, who is advocate at Supreme Court as well, told Mobile payment application users to ask the caller to come to nearest police station and receive its money instead of giving the money back to the sender.
What’s wrong with the banks
Pavan Duggal said that there is nothing wrong with mobile payment application transactions. But, when you share screenshot of the repayment to the fraudster, you establish personal communication with him or her. This enables them to target and misuse your sensitive personal data. So, one should avoid entertaining such unknown people.
Corrigendum: An earlier version of this story mentioned PhonePe incorrectly. We have removed all references to PhonePe.