The modus operandi is simple: fraudsters get victims to download an app called AnyDesk. Hackers get remote access to the mobile through a nine-digit code generated on the victim’s device. “Once a fraudster inserts this app code on his device, he will ask the victim to grant certain permissions, which are similar to what are required while using other apps,” RBI said in an advisory.
This enables the imposter to gain access to the victim’s device and carry out transaction fraudulently. The modus operandi, according to RBI, can be used to carry out transactions through any mobile banking app or payment-related apps, including UPI or wallets.
The central bank has sent an advisory to all commercial banks as the magnitude of the threat could well jeopardise thousands of crores of rupees in the accounts of retail customers, two people with direct knowledge of the matter told ET Magazine.
“We have already started issuing alerts to our customers as the regulator has expressed concern over such new ways of digital frauds,” said a senior bank executive, who did not wish to be identified. This is also relevant to customers transacting on various e-commerce platforms, the person added.
January 2019 transaction volumes over the government-backed UPI rose 8.47% to nearly 673 million against 620.17 million a month earlier. The worth of the transactions was Rs 10,900 crore.