•Cybercriminals send QR codes via emails and WhatsApp to hack bank accounts.
•Fraudulent NPCI/UPI/BHIM handles and portals
Myriad Twitter handles masquerading as @NPCI_BHIM official helpline handle have mushroomed on the micro-blogging website. The fake accounts trick customers looking for help to reveal their account, wallet or card details.
Cybercriminals duped a garment store shopkeeper using QR Code and PIN
One fine day Amit Sharma, a garment store owner in Hyderabad receives a call from a buyer who wanted to buy garments in bulk. Amit Sharma offered him good discount on bulk purchase and provided his name, phone number, google pay, paytm and UPI details etc. for online money transfer. After getting the details, cybercriminals generated the QR code and sent it back to the shop owner via Whatsapp. He was asked to scan it and enter the PIN which was generated by the fraudster for receiving payment; and by doing it, Amit consents to the request of fraudsters. Amit repeated these steps as cybercriminal convinced him and Amit lost Rs. two lakh. in the hope of getting money back.
Another Example– Fraudsters, lists their phone numbers online, pretending NGO. A Mumbai resident wanted to cremate her pet via NGO so she found one such phone number from internet. Cybercriminals took her debit card details by asking her to download Anydesk, a remote desktop software tool which provided a complete view of the user’s screen. They withdrew Rs 30,000 from her bank account.
Preventive Steps to protect your bank account/e-wallet
•You need to scan QR code only to make the payment not to receive money.
•QR code is like a normal web link, never scan if you don’t know its origin.
•Always use two factor authentication.
•Avoid making payment using QR codes in unknown people’s wallet.
•Never click on links received via emails from unknown users. Fraudsters add an image containing the malicious QR code to the given link and this fake url link redirects the victim to fraudster’s malicious websites.
•Never share the OTP, ATM PIN with anyone.
•Check your bank account statements regularly.
•Never save debit and credit details into your devices.
•Register for SMS and Email Alerts with your bank.
•Look for verified-by-twitter blue ticks while interacting with National Payments Corporation of India(NPCI), bank or payment wallet helplines.
•While entering PIN, use your discretion to shield the keypad so that hand movements are not visible to others.
•When at an ATM, make sure that no external devices are attached to the ATM machine & no wires are hanging around