Beware of Any Desk type fraudulent apps1 min read . Updated: 02 Mar 2019, 08:00 AM IST
- Giving SMS permissions and device admin permission to any app is inviting trouble
- Don’t download apps without verifying it
Check before download
Recently, the Reserve Bank of India cautioned customers of the Any Desk app used by fraudsters. It is a remote screen access app which fraudsters lure the victim into downloading on some or the other pretext, noted the National Payments Corp. of India.
An app code is generated on victim’s phone which the fraudster asks the victim to share. Once the fraudster inserts this app code on his device, they get access to the victim’s phone and credentials stored on it. The fraudster can now carry out transactions through the app. This is called vhishing (VoIP phishing).
Remote screen access app
You must be aware of remote screen access for your computer or laptops. It usually happens in office when your IT department wants to work on your computer screen from a remote location. Similarly, in apps too you have this feature which can be used to access your mobile screen. It also allows transactions. “Once access is granted by the victim, the fraudster cannot only initiate financial transactions but can also place online shopping orders using the apps available on the victim’s phone or even steal information stored on it. While number of such fraud cases are few, we urge consumers to be careful," noted NPCI.
What you should do
How can you identify these kinds of apps? “These are remote control apps and have device administration permissions. You can go to permissions list of the app and see all device administration apps. Most important is to check for SMS permissions. Only SMS app need SMS permission, nothing else. Giving SMS permissions and device admin permission to any app is inviting trouble," said Amit Jaju, senior managing director for India at FTI Consulting. The most crucial thing is do not share password, PIN, CVV, or other details needed for online transaction. Also don’t download apps without verifying it.